programming.

We start with the What’s New section, where Juraj 
Sipos shares with you his thoughts on a turnkey server 
made with OpenBSD. 

Then, Mohamed Farag describes the overall process 
of developing and applying different security policies 
within the FreeBSD kernel under the TrustedBSD MAC 
Security Framework. 

Next, Alexandro Silva talks a bit about Nginx, which is
a lightweight and powerful HTTP proxy, and Naxsi, which 
is a Nginx Web Application Firewall. 
Let’s Talk


An Eye For An Eye Soon Leads To
Blindness
By Rob Somerville 
Former National Security Agency contractor, Edward 
Snowden, has created worldwide controversy by leaking 
United States secrets to British and American newspapers. 
While Snowden seeks permanent asylum, the US bans 
access to the UK Guardian newspaper for US troops. This 
follows in the footsteps of the Stuxnet attack on Iranian 
nuclear infrastructure. Are we at war on the web? 


What’s New 


MaheshaOpenBSD - OpenBSD In A
Serpent World
By Juraj Sipos 
The article focuses on a turnkey server made with 
OpenBSD. This is available as a USB image that can 
be immediately deployed in the SOHO (Small Office — 
Home Office) environment. MaheshaOpenBSD Server is 
a flavor of the MaheshaBSD Server, originally based on 
FreeBSD, that runs on OpenBSD 5.2 and was released 
on April 5, 2013. 


Security Policy Development in
TrustedBSD MAC Framework 
By Mohamed Farag 
Trusted Operating Systems are the next level of system 
security. They offer both new security features and a 
high assurance of successful implementation. Trusted 
systems differ from secure systems in many principles. 
Trusted Systems established the concept of “ranking”
systems with different degrees of trustworthiness. In such 
systems, users decide on trustworthiness and make a 
judgment based on the security of systems. Operating 
systems have to implement security policies, and different 
mechanisms are used to enforce such policies. There are 
various operating system security policies such as the 
Massachusetts Library System (MLS) and Biba, which 
was developed by Kenneth J. Biba. This article describes 
the overall process of developing and applying different 
security policies within the FreeBSD kernel under the 
TrustedBSD MAC Security Framework. 


Using Nginx and Naxsi for Security and
High Availability 
By Alexandro Silva 
Nginx is a lightweight and powerful HTTP proxy, mail proxy, 
and reverse proxy server for UNIX-like systems that can 
also be used as an excellent High Availability (HA) and 
cluster system. Naxsi is an Nginx Web Application Firewall 
(WAF) created to mitigate web application vulnerabilities 
by using an intelligent resource to generate whitelist rules. 


Admin 


FreeBSD Programming Primer — Part 6
By Rob Somerville 

In the sixth part of our series on programming, we will
design a basic menu navigation system and style it with
CSS.


Cryptography 


Elliptic Curve Cryptography and Basic
Applications in BSD OS 
By Jose B. Alos 
Over the past century, new IT discoveries and top 
technologies have been incorporated into our daily lives. 
As a result, one must decide whether computer security 
is essential or superfluous. In these times, when the 
Internet allows users to communicate easily around the 
world, many people use it to trade in goods or to protect 
against intruders. That's why cryptological techniques and 
algorithms are an essential need. 
LET’S TALK


An Eye For An Eye Soon Leads To Blindness


Former National Security Agency contractor, Edward Snowden, 
has created worldwide controversy by leaking United States 
secrets to British and American newspapers. While Snowden 
seeks permanent asylum, the US bans access to the UK Guardian 
newspaper for US troops. This follows in the footsteps of the 
Stuxnet attack on Iranian nuclear infrastructure. Are we at war on
the web?


With human nature being what it is, no technological
innovation can remain unsullied from
the fingerprints of those with less than pure mo- 
tives. Pornographers hijacked the fledgling movie industry 
in the early 20th century and continued with the next inno- 
vation, video. The same ethos applies to conmen, thieves, 
hustlers, fraudsters and many others that inhabit and ex- 
ploit the power of the Internet. Clearly, there will always be 
a dark side. This contrasts strongly with the whole idea of 
the Internet and the World Wide Web being a platform for 
openness, democracy, free speech, etc. 
Then again, there are institutions, schools, corpora- 
tions, etc. who view the Internet as just an extension to 
their Local Area Network — joining satellite offices together
transparently. While some use the medium to express
themselves and communicate, others prefer to watch si- 
lently in the background and monitor trends, patterns and 
metadata. Some attack vulnerable systems for laughs, 
others for commercial gain. All of this is understood. 
Where the picture becomes unclear is how much cross- 
over there is between the military and intelligence servic- 
es (e.g. Defence Advanced Projects Research Agency 
— DARPA and the National Security Agency — NSA) and 
the Internet user. Just how much traffic is monitored? Is 
it content or metadata (e.g. IP address to IP address)? 
How long is it held for? How much power do the watchers
have to examine my traffic, my exchanges in detail?
Is this cross-border, across nations?

07/2013

A lot has changed since the formation of DARPA in 
1958. The Cold War is over, and nations, rather than 
strengthening on the basis of individuality, are coalesc- 
ing into large trading groups. The world is becoming 
smaller; consumerism and Western values are pene- 
trating nations who, 50 years ago, would have rejected 
such principles. With connectivity via satellite, the World 
Wide Web literally encompasses the whole world, be it 
urban, suburban or inhospitable jungle or desert. The 
Internet is not limited to PCs or servers; mobile devices
(even domestic appliances and cars) are online. A new
generation has embraced social media with gusto, impervious
to the fact that in 30 years’ time, the inane, immature
and sarcastic will be available to all as well as
the more illustrative or insightful. Ironically, while tech- 
nology seems to have moved forward, the terrorist at- 
tacks of 2001 have spawned a culture of security and 
watchfulness that — it could be argued — is more restrictive
than during the 50s or 60s.

Throughout history, the powers that be (TPTB) have 
always used some method to monitor communications. 
The meta-data (who called who) for telephone calls in 
the UK at least, has to be stored for a number of years. 
Paper mail can be intercepted with a warrant, and the 
tales of bugs and microphones turning up in embassies 
throughout the world are legion. Everybody knows that 
Internet traffic can be easily monitored (ask any web- 
master) — the ethical question is “How much can we trust 
those that watch?” It is all very well to say that if you 
have nothing to hide, you have nothing to fear, but in in- 
telligence circles, there is no smoke without fire, and guilt 
by association — while not sufficient evidence to convict 
in a court of law — could assign an individual's name to 
some secure database somewhere, with no right of ap- 
peal or correction. 

The generic term “In the interests of National Security” 
covers a multitude of sins, and looking to other countries, 
quite frequently servers in the West will be attacked ei- 
ther for political, espionage or commercial reasons. What 
might be good for one nation will be bad for another, so 
the battle rages on, the weapons get bigger, the deploy- 
ments at the battle-front more numerous. Legal pre-emp- 
tive hacking strikes have been written into Singapore law 
(The Computer Misuse and Cybersecurity Act). We have 
now entered a vicious cycle of a technological arms race 
via the Internet and Local Area Networks; penetrating the 
Iran nuclear facility with the Stuxnet worm — an act considered
science fiction during the Cold War — was three
years ago. While the delivery vector was probably a USB 
enabled device, the level of sophistication suggests military,
intelligence or criminal origins rather than your run of
the mill hacker. 

Besides controlling who has access to content, there is 
the separate issue of what content is acceptable. There 
used to be a 9pm watershed for all broadcast media — 
anything that might upset or cause offence could not be 
televised before then. With the introduction of the VCR 
and PVR, this control is now obsolete. As for the Internet, 
it is 24/7, whatever you want. It looks like the argument my
father used is appropriate here: “There is always the Off 
button”. There are already calls for Internet censorship, 
and like the history of the book, cinema and printing press, 
we are approaching the time when some web pages will 
be stacked high, condemned and then publicly burnt. The 
Internet has suddenly become very political. 

The Internet and the World Wide Web as a force for 
good cannot be denied, yet as a technology, it is still rel- 
atively immature. Colour television was available in the 
1970’s, but mass adoption of the browser did not hap- 
pen until 25 years later. What we are experiencing are 
the growing pains — as the infrastructure becomes more 
essential to corporations, etc., more regulation will be put 
into place and in 20 years’ time, the Internet will be a very 
different place. 

As with Wikileaks, the Snowden incident will no doubt 
take years to come to a legal and political conclusion. 
Meanwhile, tit-for-tat actions and attacks will continue to 
escalate whether they come from individual hackers, or- 
ganised crime, government agencies or the military. We 
should focus on strengthening infrastructure rather than 
getting distracted by politicians. 

It has always been war on the Internet. It is just that we 
have moved on from using words to throwing rocks, sticks 
and using much larger scale weapons. 


ROB SOMERVILLE 

Rob Somerville has been passionate about technology since 
his early teens. A keen advocate of open systems since the mid 
eighties, he has worked in many corporate sectors including fi- 
nance, automotive, airlines, government and media in a vari- 
ety of roles from technical support, system administrator, de- 
veloper, systems integrator and IT manager. He has moved on 
from CP/M and nixie tubes but keeps a soldering iron handy 
just in case. 
WHAT’S NEW


MaheshaOpenBSD — OpenBSD In A Serpent World


The article focuses on a turnkey server made with OpenBSD.
This is available as a USB image that can be immediately
deployed in the SOHO (Small Office - Home Office) environment.
MaheshaOpenBSD Server is a flavor of the MaheshaBSD Server,
originally based on FreeBSD, that runs on OpenBSD 5.2 and was
released on April 5, 2013.


What you will learn...
• how to set up a quick and secure server for SOHO purposes
• how to use OpenBSD quickly anywhere in the world


This article will teach anybody how to deploy a secure
server using OpenBSD on a USB flash drive
and how to set up the secure server in a few seconds
without installing OpenBSD onto your hard drive.


Welcome Into The World Of Serpents 
An article entitled “MaheshaBSD Server: MySQL and
WordPress in FreeBSD” was published in issue 44 of BSD 
Magazine. Now, the project MaheshaBSD has been ex- 
tended to all major flavors of BSD distributions including 
NetBSD, OpenBSD and DragonFlyBSD. Not many BSD 
systems (like NetBSD) were previously available with pre- 
installed software as USB images, thus this project has 
an educational purpose too. At present, the MaheshaBSD 
Project has two versions: 


• General-purpose and free MaheshaBSD USB/CD
distribution (FreeBSD, NetBSD, DragonFlyBSD).

• Server version of MaheshaBSD (FreeBSD and OpenBSD),
which is free for personal use.


At the time of writing, the MaheshaBSD Project consists of: 


• MaheshaBSD — a general purpose LiveCD distribution
based on FreeBSD 9.0-RELEASE.

• MaheshaBSD Server — the same thing as MaheshaBSD,
but this is the server version with additional
software common to server deployments like
WordPress, MySQL, phpMyAdmin, etc. installed. This
edition is only available as a USB image.

• MaheshaNetBSD — a general purpose NetBSD USB
distribution.

• MaheshaDragonFlyBSD — a general purpose DragonFlyBSD
USB distribution.

• MaheshaOpenBSD Server — the subject of this article,
an OpenBSD based Mahesha server distribution.


What you should know...
• basic use of OpenBSD
• basic shell commands


Releases of these BSD systems are downloadable (see the 
links). The MaheshaBSD Project is copyrighted software. 


Introduction 

A pre-configured turnkey WordPress / FTP Server on a 
bootable USB image is not easy to find on the Internet, even 
on Linux specific sites. MaheshaOpenBSD runs on a writ- 
able USB memory stick that can be immediately deployed 
just by writing the image onto your USB flash drive (at least
a 4 GB memory stick is required). The project’s goals are 
education, simplicity, BSD advocacy, and a focus on poorer 
countries. The MaheshaBSD slogan is KEEP BSD SIMPLY 
STUPID AND TANTRIC. Most (if not all) online FTP serv- 
ers have restrictions and bypassing them requires payment. 
With MaheshaBSD Server, anybody can use any hard disk 
and set up their own FTP/WordPress server anywhere in
the world. MaheshaBSD Server is a social project too as 
people can easily share their files. Students may put a link 
on their personal websites to a MaheshaBSD FTP/Word- 
Press server running at their home and share their files (vid- 
eos, MP3’s, etc.) with anybody in the world (Figure 1). 

MaheshaOpenBSD Server is the same thing as Ma- 
heshaBSD Server. Both MaheshaBSD Server (FreeBSD) 
and MaheshaOpenBSD Server (OpenBSD) will offer us- 
ers the same functionality — that is, an almost identical 
desktop interface with IceWM, a turnkey WordPress and 
FTP server with MySQL. Both systems can also run from 
a USB flash drive. You can make an ISO image with Ma- 
heshaOpenBSD and use it in conjunction with alternate 
deployment strategies. 


A Quick Overview Of MaheshaOpenBSD Server 
MaheshaOpenBSD Server is a server that behaves like any 
website running on any server that you access on the Inter- 
net. You do not need any special knowledge of Unix — you 
will just log in, copy or remove files, and that’s it (Figure 2). 
If you have a Facebook account, nothing will be easier
than just sharing a link to this SOHO server (usually it is 
not easy and definitely not cheap to share tons of files on 
the Internet). All you need to do is enable the IP Forward- 
ing feature in your router. With a spare notebook, you will 
have a home server with tons of files that you can instantly 
share with friends as MaheshaOpenBSD Server does not 
need any special setup. WordPress behaves the same 
way as in MaheshaBSD Server (FreeBSD). You can
keep your colleagues or family updated with your prog- 
ress. Provided you ran the dhclient on your network card 
in MaheshaOpenBSD, the ifconfig command will show 
you which IP to use. Use this IP in your browser, or alternatively
change the hosts file on the computer from which
you will access MaheshaOpenBSD Server:


192.168.1.101 manasa


Figure 1. With MaheshaOpenBSD Server you may watch videos over
the network


The hosts file in Windows resides in C:\Windows\System32\drivers\etc
(on almost all versions of Windows).

If you edited your hosts file as mentioned above, Apache
server will then run on: http://manasa. FTP server will run
on: ftp://manasa. WordPress will be accessible at:
http://manasa/wordpress (Figure 3).

To listen to audio files or to play video files over the net- 
work, you must have the Flash Plugin installed in your 
browser on the computer from which you will access Ma- 
heshaOpenBSD Server. With files converted to the MP4 
format, you can start your own SOHO “YouTube” alterna- 
tive. To convert files to the MP4 format, just use any free 
online video conversion tool. 


Quick Start 
The basic steps detailing how to use this software are described
in the README!!!.txt in the RAR file that is available
on the Internet at ftp://2227.x.rootbsd.net/index.html.
Download the image, unrar it and use the following command
(OpenBSD) to write it onto your flash drive (assuming
the flash drive has been attached to /dev/sd0 — check
before executing the command):


dd if=MaheshaOpenBSD.ima of=/dev/sd0 bs=10240 conv=sync 


If you use Windows, use a program such as WinImage.
Boot the image: reboot your computer to ensure that the 
USB boot is enabled. 


Figure 2. Just replace the Apache server's default files in /var/www/htdocs
Log in to MaheshaOpenBSD Server physically as root with
password manasa71 (change the root password as soon as possible).
Run the dhclient command to get a new IP address from
your local network. For instance, if your network card is fxp0,
type the following in your shell: dhclient fxp0. Edit the hosts
file on your host computer to add the IP of your MaheshaOpenBSD
Server. This will enable you to access MaheshaOpenBSD Server’s
services (but this is required only for WordPress). That’s all.


Figure 3. The boss account in Windows accessible via samba


How To Use FTP/WWW Server In 
MaheshaOpenBSD Server? 

FTP 

To operate the FTP server immediately, log in to MaheshaOpenBSD
Server’s vsftpd account via SFTP (password:
71/manageme — passwords for all accounts are in
/home/guest5/passes.txt). You may also use a free Windows
program like WinSCP (Figure 4).

As you see, WinSCP works very well. Copy anything
to the CopyFTPfileHere directory — /home/vsftpd/CopyFTPfileHere,
then log in via SSH to MaheshaOpenBSD
Server's guest5 account (password is guest6), fetch
your passwords and then log in as “boss” via SSH. su to
root and copy that file from CopyFTPfileHere in /home/vsftpd
to /home/vsftpd/ftp. This seems a little bit more complicated
than in MaheshaBSD Server (FreeBSD), but this
is because VSFTPD behaves differently in OpenBSD.

The configuration file for VSFTPD (vsftpd.conf) in Ma- 
heshaOpenBSD Server will help beginners learn about 
this different behavior. Contrary to FreeBSD, OpenBSD 
stores this file in /etc. 


WWW/WordPress 
WWW
Just copy *.php, *.htm, or anything to /var/www/htdocs. 
Figure 4. Files to and from MaheshaOpenBSD Server are copied with
the SFTP file protocol


WordPress 
As already stated, you must edit the hosts file on your host 
computer as WordPress needs it in its settings. It would 
be unpleasant to have to change it every time because of 
dynamic IPs, etc. (Figure 5).

WordPress is quite easy to use. Add pictures, files, or 
create new links, etc. after you log in. To change the intro- 
ductory screen, edit Hello world! in your Posts (Figure 6). 


Some Notes And Tips 

MaheshaOpenBSD Server has espeak (text to speech
conversion software) and a number of other useful utilities.
New packages can be installed easily (from the Internet) –
just type pkg-get -i package in your shell. Pkg-get
is a useful script, as it will also help you search for
packages. For example, if you type pkg-get -s fire in
your shell, you will see all packages available with the prefix
“fire”. To install a package, just select its number and
press Enter. A number of packages are installed in MaheshaOpenBSD
Server. You can see them all in /pkg. To
use X, type startxaut (the script will generate /etc/X11/xorg.conf
and will start your X session automatically). You
may also learn Sanskrit. To write documents, I decided to
use the Seamonkey’s Composer Component — its icon is
on the IceWM desktop like in all MaheshaBSD projects.
Keyboard layouts are available in the IceWM menu — Start
> Utilities.


Figure 5. The WordPress introductory screen in MaheshaOpenBSD
Server is self-explanatory

Figure 6. It is advisable not to use IPs because they change


www.bsdmag.org

MaheshaOpenBSD Server has a secure search engine
(https://startpage.com). After you open Firefox or
Seamonkey, you will see the picture of a white cobra. On
other tabs, you will see some helpful sites. phpMyAdmin
is available too (Figure 7).

When you make a DVD with the makeiso script, ignore 
the error message “UNEXPECTED INCONSISTENCY” 
after you boot MaheshaOpenBSD DVD. Just type exit and 
go. Everything will work just like with a USB flash drive. 

After copying the files you want to share with your 
friends or installing anything necessary for you, run the 
script /root/bin/sd0ro to make MaheshaOpenBSD Serv- 
er read-only (except for the directories that are in memo- 
ry). This is a good security tip. 

Change passwords!!! This is important as the passwords
are publicly available. You may also change passwords
when this is on a read-only USB flash drive (temporarily)
as /etc resides in memory. To work with your new
passwords on the next reboot, copy /etc to /etc2 when
this is writable (/etc2 is not in memory).

Except for /etc, you can make all changes permanent
when you next reboot (in /var, /home, /root) by running
the script /mfs/makeetcnomnt from within MaheshaOpenBSD
Server, or /mfs/makeetc if you mounted this USB image
from OpenBSD running on your hard drive. The same
applies to /var (makevar and makevarnomnt), /root, and
the /home directories.


Figure 7. The white cobra is a very rare cobra and it lives in the
weirdest places of India

If you need a larger FTP storage, all you need to do is
mount another disk to /home/vsftpd/ftp. MaheshaOpenBSD
will work with any external or additional USB flash/hard
drive.


Security 

MaheshaOpenBSD Server is primarily an Intranet server, 
but if you plan to open this thing to the world, you must 
take a few security measures: 


• change the root password

• change the MySQL password

• change the WordPress password

• kill VSFTPD (or MySQL) if you do not plan to use it

• upgrade WordPress


For WordPress, see the file /var/www/htdocs/wordpress/wp-config.php,
where you will also find the MySQL password.
There are many sites that will tell you how to
change the MySQL password (Figure 8).

Logs are in /var — for example, /var/logs/vsftpd.log 
stores all the activity for the VSFTPD Server. Apache logs 
are in /var/www/logs; MySQL logs are in /var/mysql.

The best security tip is not to use SSH. To solve this, log
in to your MaheshaOpenBSD box and look at the sample
/root/bin/atme script. This script will turn the SSHD daemon
off at a specific time and turn it on at the time you
specify. This means that the best security measure is to
log in to MaheshaOpenBSD over network, edit the /root/bin/atme
script as you wish (the file contains the explanation
in a commented text) and run it. The /root/bin/atme
script will shut the SSHD daemon in two minutes and will
start it at any time you specify. You do not need to edit
anything else for this script to work. All you need to do is
edit the /root/bin/atme script as follows:


at -f /root/bin/atme1 now + 2 minutes


- this will kill the SSHD daemon in 2 minutes


sleep 3; at -f /root/bin/atme2 now + 5 minutes


- this will start the SSHD daemon in 5 minutes, but it is better
to change the above value to a couple of hours or days (5
days). Only you will know when to log in. The above tip is
my own invention and I use it with my FreeBSD box.


Figure 8. The following tcp/ip ports are open in the “default”
installation

The fact that the user runs OpenBSD in MaheshaOpen- 
BSD does not mean that the MaheshaOpenBSD Server is 
secure. We as humans must follow certain rules. Without 
them, we will become vulnerable. But MaheshaOpenBSD 
is on a writable USB flash drive and you are advised to secure
it to your liking. Do keep in mind that users have different
priorities. If security is your priority, change the
secure level “-1” in /etc/rc.securelevel to higher numbers
and take some other measures, too, like avoiding running X.
Use your own judgement! 
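
A check script for the measures in this section, added here as an example; it is not part of MaheshaOpenBSD or of the original article. It assumes OpenBSD's `netstat -an` and `mount` output formats and a `securelevel=` assignment in /etc/rc.securelevel; the function names, the sample output and the allow list "22 80" are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of MaheshaOpenBSD. It checks three of the measures
# from the Security section against command output in OpenBSD's format.

# TCP ports in LISTEN state from `netstat -an` output on stdin. BSD netstat
# writes local addresses as addr.port (e.g. *.21), so the port is the last
# dot-separated field.
listening_ports() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" { n = split($4, a, "[.]"); print a[n] }' |
        sort -n -u
}

# Print "UNEXPECTED <port>" for every listening port missing from the
# space-separated allow list in $1; return 1 if there was at least one.
unexpected_ports() {
    allowed=" $1 "
    rc=0
    for p in $(listening_ports); do
        case "$allowed" in
            *" $p "*) ;;
            *) echo "UNEXPECTED $p"; rc=1 ;;
        esac
    done
    return $rc
}

# Value assigned to securelevel in the rc.securelevel-style file $1. Commented
# lines are skipped and the last assignment wins, as in a sourced shell file.
configured_securelevel() {
    sed -n 's/^[[:space:]]*securelevel="\{0,1\}\(-\{0,1\}[0-9][0-9]*\).*/\1/p' "$1" |
        tail -n 1
}

# Succeed only if the file sets securelevel to 1 or higher.
securelevel_ok() {
    lvl=$(configured_securelevel "$1")
    [ -n "$lvl" ] && [ "$lvl" -ge 1 ]
}

# Succeed if the filesystem mounted on $1 is flagged read-only in `mount`
# output on stdin, which is the state /root/bin/sd0ro is meant to leave.
mounted_read_only() {
    awk -v mp="$1" '
        $2 == "on" && $3 == mp { found = 1; ro = ($0 ~ /read-only/) }
        END { exit !(found && ro) }'
}

# Constructed sample output (not captured from a real MaheshaOpenBSD box).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (including servers)
Proto   Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp          0      0  192.168.1.101.22       192.168.1.50.51234     ESTABLISHED
tcp          0      0  *.22                   *.*                    LISTEN
tcp          0      0  *.80                   *.*                    LISTEN
tcp          0      0  *.21                   *.*                    LISTEN
tcp          0      0  127.0.0.1.3306         *.*                    LISTEN
udp          0      0  *.68                   *.*
EOF
}

sample_mount() {
    cat <<'EOF'
/dev/sd0a on / type ffs (local, read-only)
mfs:1234 on /etc type mfs (asynchronous, local, size=65536 512-blocks)
EOF
}

# Report for an administrator who only wants SSH and the web server reachable.
audit_demo() {
    tmp=$(mktemp) || return 1
    printf '# constructed sample\nsecurelevel=-1\n' > "$tmp"
    sample_netstat | unexpected_ports "22 80" || true
    securelevel_ok "$tmp" ||
        echo "securelevel is $(configured_securelevel "$tmp"), expected >= 1"
    sample_mount | mounted_read_only / && echo "/ is read-only"
    rm -f "$tmp"
}

audit_demo
```

On a live system, feed the functions the output of `netstat -an -f inet` and `mount`, and pass /etc/rc.securelevel instead of the temporary file.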


Conclusion 

Portability is a great feature of this thing! It is not easy to 
carry your computer with you, nor is it always effortless 
to edit configuration files on a computer that you do not 
own. MaheshaBSD Server or MaheshaOpenBSD Server 
is “a computer in your pocket”, a difficult-to-find thing for 
thieves who will always find it easier to steal notebooks 
from cars or cafeteria tables. OpenBSD is one of a few 
projects made with love and great enthusiasm. I hope that
this great work, MaheshaOpenBSD, will help advocate for 
OpenBSD and attract people outside of the BSD world. 
Security Policy Development in TrustedBSD MAC Framework


Trusted Operating Systems are the next level of system security.
They offer both new security features and a high assurance
of successful implementation. Trusted systems differ from
secure systems in many principles. Trusted Systems established
the concept of “ranking” systems with different degrees of
trustworthiness.


What you will learn...

• How to write OS Security policy

• MAC Security Framework structure

• Installation and configuration of Nagios with MAC Security
Framework


In such systems, users decide on trustworthiness and
make a judgment based on the security of systems.
Operating systems have to implement security policies,
and different mechanisms are used to enforce such policies.
There are various operating system security policies
such as the Massachusetts Library System (MLS) and Biba,
which was developed by Kenneth J. Biba. This article
describes the overall process of developing and applying
different security policies within the FreeBSD kernel under
the TrustedBSD MAC Security Framework.


Introduction 

A kernel is a central component of an operating system. It
acts as an interface between user applications and hardware.
The main purpose of the kernel is to manage the
communication between the software (user level applications)
and the hardware (CPU, disk memory, etc). The
main kernel tasks are: Process Management, Device
Management, Memory Management, Interrupt Handling,
I/O Communication and File System. New kernel structures
arose consisting of several modules classified into
static (base) kernel modules and dynamic “pluggable”
kernel modules. The main advantage of dynamic kernel
modules is the ability to be attached at run-time in a flexible
way. In the static version of the kernel, all modules
must be present at kernel compilation time. On the other
hand, in the dynamic scenario, modules have to be available
only during run-time. Furthermore, the tradeoffs between
security and performance determine the best approach
to use in kernel compilation. On the other hand, different
security models and policies were implemented in OS kernels
to add many security features to the “plain” kernels.
From an operating system point of view, security policies
are the restrictions that administrators would like to apply
while mechanisms are the procedures used to enforce
such policies. There are various operating system security
policies such as MLS and Biba policies.


What you should know...

• Basic understanding of FreeBSD

• How to install FreeBSD

• How to install port (application) on FreeBSD


Security Policies Problems 

The variety and non-standardization of the design of secu- 
rity policies introduced conflicts between implementations 
of these policies. Different vendor implementations along 
with security policies’ intentions caused big headaches for 
security developers. In addition, frequent changes in us- 
er requirements and the need for policy customizations 
pushed security developers to seek a new security meth- 
odology for covering these issues. In the past, kernels were 
adapted to one security model at most. Furthermore, we 
had to include the security policy in the kernel configuration
file before compiling the kernel. However, this inflexibility in 
embedding security policies in the kernel was a huge prob- 
lem. Continuous work by researchers led to the introduc- 
tion of new concepts for OS security. This technique focus- 
es on implementing an intermediate layer between security 
models and kernel services. This intermediate layer offers 
policy composition manipulation and customization in ad- 
dition to the capability to attach different security policies 
at run-time. One of the most common security frameworks 
implementing the mentioned points is the MAC framework. 
The MAC framework provides a set of wrappers for use by 
different policies’ vendors. Figure 1 describes the overall 
architecture of the MAC framework. 


MAC Security Framework in detail 

Two of the most significant security mechanisms are file 
system Access Control Lists (ACLs) and Mandatory Ac- 
cess Control (MAC) facilities. Mandatory Access Control 
allows new access control modules to be loaded to sup- 
port new security policies. Some modules provide pro- 
tections of a narrow subset of the system, hardening a 
particular service. Others provide comprehensive labeled 
security across all subjects and objects. The mandatory 
part of the definition comes from the fact that the enforce- 
ment of the controls is done by administrators and the 
system and is not left up to the discretion of users as is done
with discretionary access control (DAC, the standard
file and System V IPC permissions on FreeBSD). One 
of the most common implementations of the MAC Security
is the TrustedBSD MAC Framework. The TrustedBSD
MAC framework provides a mechanism to allow the
compile-time or run-time extension of the kernel access 
control model. New system policies may be implemented 
as kernel modules and linked to the kernel; if multiple pol- 
icy modules are present, their results will be composed. 
The MAC Framework provides a variety of access control 
infrastructure services to assist policy writers, including 
support for transient and persistent policy-agnostic object 
security labels. 


Detailed Architecture 

MAC Framework Interfaces for Kernel Services 

The MAC Framework presents a set of entry points to se- 
lected kernel services, permitting the services to provide 
event notification to the MAC framework and providing the 
ability for the MAC Framework to maintain a security label 
within kernel objects maintained by the kernel services. 
In FreeBSD, the interface used by its kernel services to
communicate with the MAC Framework is defined in
sys/mac.h. This includes the APIs for all entry points from the
kernel services. In addition, sys/_label.h defines struct
label, a data structure used to store policy-agnostic label
data in kernel objects. This structure is embedded into
many kernel service structures.


Framework Kernel Service Entry Points 

Modifications have been made to kernel services to invoke
MAC Framework entry points. These modifications
affect object initialization, association/creation, and
destruction, as well as common paths requiring access
control at high levels in the kernel. With layered services,
it is often necessary to defer access control decisions until
enough information is available.


Framework Implementation 
Entry point implementations, label primitives, policy regis- 
tration, and user/kernel APIs are centralized in kern_mac.c. 


Framework Interface for Policies 

The MAC Framework provides several interfaces to security
policy implementations, including interfaces for policy
management, label storage, process label management,
object life cycle, access control, and system life cycle.
Extensions implement arbitrary subsets of the available
interfaces, allowing implementers to select the events and
services that are relevant to a particular policy. Interfaces
common to the framework and policies are defined in
sys/mac_policy.h. Definitions include entry point and
registration interfaces, as well as common access methods
for MAC Framework services.


Policy Implementations 

Each policy is represented by one kernel module, discour- 
aging inter-dependency. Typical policies are implemented 
in a single C file, but complex policies are implemented 
over many files. 


Interfaces to User Processes 

Interfaces for user processes are defined in sys/mac.h, 
implemented in libc, and may be dynamically linked into 
any applications. 


Figure 1. MAC Framework Overall Architecture


Main Idea

The main idea behind TrustedBSD MAC framework is 
labeling different kernel objects to provide the ability to 
track them. A label is a security attribute which can be ap- 
plied to files, directories, or other items in the system. It 
could be considered a confidentiality stamp; when a label 
is placed on a file, it describes the security properties for 
that specific file and will only permit access by files, users, 
resources, etc. with a similar security setting. The mean- 
ing and interpretation of label values depends on the pol- 
icy configuration. While some policies might treat a label 
as representing the integrity or secrecy of an object, other 
policies might use labels to hold rules for access. Table 1
shows the basic kernel objects that are labeled.


Table 1. Labeled Objects

struct vnode          VFS node
struct pipe           IPC pipe
struct mount          File system mount
struct devfs_dirent   Devfs entry
struct bpf_desc       BPF packet sniff device


Now, let’s move to the MAC implementation in FreeBSD
kernels. The following points clarify the required steps to
allow run-time MAC security on your FreeBSD machine:


Adding MAC support to the kernel

Kernels should have MAC support to give the flexibility of
implementing and composing security policies. To achieve
this, add the MAC option to your kernel configuration file,
which is /usr/src/sys/conf/GENERIC by default.

options MAC

Next, recompile the kernel so that it includes
MAC support. In order to compile a GENERIC kernel, do
the following steps:

• Change to the /usr/src directory:

# cd /usr/src

• Compile the kernel:

# make buildkernel KERNCONF=GENERIC

Note: You can omit KERNCONF=GENERIC if you are
referring to the default configuration file.

• Install the new kernel:

# make installkernel KERNCONF=GENERIC

Note: You can omit KERNCONF=GENERIC if you are
referring to the default configuration file.


Embedding MAC Policy 

Security policies are either linked directly into the kernel, 
or compiled into loadable kernel modules that may be 
loaded at boot, or dynamically using the module loading 
system calls at runtime. 


Policy Declaration 

Modules may be declared using the MAC_POLICY_SET()
macro, which names the policy, provides a reference to
the MAC entry point vector, provides load-time flags
determining how the policy framework should handle the
policy, and optionally requests the allocation of label state
by the framework (Listing 1).

The MAC policy entry point vector, mac_policy_ops in
this example, associates functions defined in the module
with specific entry points. Of specific interest during
module registration are the .mpo_destroy and .mpo_init entry
points. .mpo_init will be invoked once a policy is
successfully registered with the module framework but prior to any
other entry points becoming active. This permits the policy
to perform any policy-specific allocation and initialization,
such as initialization of any data or locks. .mpo_destroy
will be invoked when a policy module is unloaded to
permit releasing of any allocated memory and destruction of
locks. Currently, these two entry points are invoked with
the MAC policy list mutex held to prevent any other entry
points from being invoked. This will be changed, but in the
meantime, policies should be careful about what kernel
primitives they invoke to avoid lock ordering or sleeping
problems.


Listing 1. mac_policy_ops function

The policy declaration’s module name field exists so 
that the module may be uniquely identified for the purpos- 
es of module dependencies. An appropriate string should 
be selected. The full string name of the policy is displayed 
to the user via the kernel log during loading and unloading 
events, and also exported when providing status informa- 
tion to user processes. 


Label Configuration 

Virtually all aspects of label policy module configuration 
will be performed using the base system utilities. These 
commands provide a simple interface for object or subject 
configuration or the manipulation and verification of the 
configuration. 

All configuration may be done using the setfmac(8)
and setpmac(8) utilities. The setfmac command is used to
set MAC labels on system objects, while the setpmac
command is used to set the labels on system subjects. Observe:

# setfmac biba/high test

If no errors occurred with the command above, a prompt
will be returned. The only time these commands are
not quiescent is when an error occurred, similar to the
chmod(1) and chown(8) commands. In some cases, this
error may be a “Permission denied”, which is usually
obtained when the label is being set or modified on an
object which is restricted. The system administrator may
use the following commands to overcome this:

# setfmac biba/high test

This is usually what you get when you try to set the MAC
label on “test” directly:

“Permission denied” !!!

To avoid this problem, wrap the label change in a new MAC
process. The next command forks a new MAC process and
assigns it a MAC label with the highest possible privileges:

# setpmac biba/low setfmac biba/high test

Finally, verify what you just did!

# getfmac test
test: biba/high

Two types of labels are available: singlelabel and
multilabel. By default, all the labels are singlelabel items.
The multilabel option permits each subject or object to
have its own independent MAC label in place of the standard
singlelabel option, which enforces a single label
throughout the partition. The multilabel and singlelabel
options are only required for the policies implementing the
label feature, including the Biba, Low Water-Mark
mandatory access control (Lomac), MLS and Security
Enhanced BSD (SEBSD) policies. The multilabel option is
required when we have different policies implemented to
set a policy for each labeled object. To set multilabel on
the filesystem:


# tunefs -l enable / 


Policy Configuration
Table 2 shows the set of predefined policies for TrustedBSD
MAC that can be used instead of creating new ones.


Table 2. MAC Policies

mac_bsdextended    “File system firewall” using existing
                   credentials/permissions
mac_lomac          Hierarchical floating-label integrity
mac_none           Prototype stub policy
mac_seeotheruids   Inter-process visibility policy based on
                   existing credentials
sebsd              Port of the SELinux/FLASK/TE

Case Study (Apply MAC to files and Test it via 
Nagios) 

In this example, we will simulate a typical MAC Security
scenario for the Sendmail service with the aid of Nagios,
one of the most common applications in the field of IT
infrastructure monitoring. I highly recommend trying this
example on a virtual machine, because a mistake in
administering your system might make user accounts
inaccessible. Before starting this example, the multilabel
option must be set on each file system. Missing this label
will result in errors.

Setting the multilabel flag on the file system in single
user mode:

# tunefs -l enable /

Install MySQL Server

# cd /usr/ports/databases/mysql51-server/
# make install clean

Note: this port, i.e. application, will install the MySQL
server and the MySQL client as well (Figure 2).

• Enable MySQL service at system startup

# echo 'mysql_enable="YES"' >> /etc/rc.conf

• Start MySQL service immediately to avoid rebooting
your machine

# /usr/local/etc/rc.d/mysql-server start

Change Administrator Password for MySQL

# mysqladmin -u root password adminpassword

Install Apache Application Server

# cd /usr/ports/www/apache22/
# make install clean

Note: Make sure that you enabled mysql-support
(Figure 3 and Figure 4)
• Enable Apache service at system startup

# echo 'apache22_enable="YES"' >> /etc/rc.conf

Figure 3. Apache Configuration Parameters

Figure 4. Apache after installation

• Start Apache service immediately to avoid rebooting
your system (Listing 2)

Listing 2. Start Apache Service

# echo 'apache22_enable="YES"' >> /etc/rc.conf
# /usr/local/etc/rc.d/apache22 start
Performing sanity check on apache22 configuration:
Syntax OK
Starting apache22.

• Check if your Apache server is up through
http://yourIP/ (Figure 5)

Figure 5. Testing Apache

• Install PHP5

# cd /usr/ports/lang/php5/
# make install clean

Note: Make sure that you enabled apache support
(Figure 6)

• Install PHP5 Extensions

# cd /usr/ports/lang/php5-extensions/
# make install clean

Note: Make sure that you enabled mysql-support and
session support (Figure 7)


Listing 3. Enable PHP in Apache

DirectoryIndex index.php index.html index.htm
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

Figure 7. PHP5 Extensions Configuration Parameters

• Rename php.ini-dist to php.ini

# cp /usr/local/etc/php.ini-dist /usr/local/etc/php.ini

• Configure Apache to enable PHP support and append
the lines from Listing 3 to the Apache configuration
file (httpd.conf) (Figure 8)

# ee /usr/local/etc/apache22/httpd.conf

Figure 8. Append Listing 3 to the end of the file

Install Nagios

# cd /usr/ports/net-mgmt/nagios
# make install clean

Note: Make sure that you enabled SNMP support in the
Nagios-plugins installation which follows the Nagios
installation (Figure 9)

• Create Nagios User and Group (Figure 10)

Figure 10. Nagios User and Group creation

• Enable Nagios service at system startup

# echo 'nagios_enable="YES"' >> /etc/rc.conf

• Configure Nagios (Figure 11-13)

• Start Nagios service immediately to avoid system
rebooting (Figure 14)

• Configure Apache to support Nagios and append the
lines from Listing 4 to /usr/local/etc/apache22/httpd.conf

Figure 13. More Configuration on Nagios

Listing 4. Apache Configurations for Nagios

# ee /usr/local/etc/apache22/httpd.conf

ScriptAlias /nagios/cgi-bin/ /usr/local/www/nagios/cgi-bin/
Alias /nagios /usr/local/www/nagios/

<Directory /usr/local/www/nagios>
    Options None
    AllowOverride None
    Order allow,deny
    Allow from all
    AuthName "Nagios Access"
    AuthType Basic
    AuthUserFile /usr/local/etc/nagios/htpasswd.users
    Require valid-user
</Directory>

<Directory /usr/local/www/nagios/cgi-bin>
    Options ExecCGI
    AllowOverride None
    Order allow,deny
    Allow from all
    AuthName "Nagios Access"
    AuthType Basic
    AuthUserFile /usr/local/etc/nagios/htpasswd.users
    Require valid-user
</Directory>

Figure 14. Starting Nagios

Figure 15. Restarting Nagios


• Restart Apache to apply changes (Figure 15)
• Login to Nagios (Figure 16 and Figure 17)
• Create an insecure User Class

Begin the procedure by adding the user class from Listing 5
to the /etc/login.conf file.

Finally, add the following line to the default user class:

:label=biba/high: #Set privileges higher than other labels

Once this is completed, the following command must be
issued to rebuild the database:

# cap_mkdb /etc/login.conf


Boot Configuration 

Next, we have to adapt the boot configuration to load the
MAC policies at boot time. Add the following lines to
/boot/loader.conf so the required modules will load
during system initialization:

mac_biba_load="YES"
mac_seeotheruids_load="YES"


Configure Users
Set the root user to the default class using:

# pw usermod root -L default


Figure 16. Logging into Nagios

Figure 17. Nagios Homepage

Now, all user accounts that are not root or system users
will require a login class. Otherwise, users will be unable
to execute common commands such as vi. The following
sh script should do the trick:

# for x in `awk -F: '($3 >= 1001) && ($3 != 65534) { print $1 }' \
    /etc/passwd`; do pw usermod $x -L default; done;

Drop the nagios and www users into the insecure class to
avoid being caught by MAC:

# pw usermod nagios -L insecure
# pw usermod www -L insecure


Listing 5. Nagios Configuration for MAC Security

insecure:\
    :copyright=/etc/COPYRIGHT:\
    :welcome=/etc/motd:\
    :setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\
    :path=~/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:\
    :manpath=/usr/share/man /usr/local/man:\
    :nologin=/usr/sbin/nologin:\
    :cputime=1h30m:\
    :datasize=8M:\
    :vmemoryuse=100M:\
    :stacksize=2M:\
    :memorylocked=4M:\
    :memoryuse=8M:\
    :filesize=8M:\
    :coredumpsize=8M:\
    :openfiles=24:\
    :maxproc=32:\
    :priority=0:\
    :requirehome:\
    :passwordtime=91d:\
    :umask=022:\
    :ignoretime@:\
    :label=biba/10(10-10): #Set privileges to grade of 10 with compartments 10 and 10


Create the Contexts File

A contexts file should now be created; the example file
shown in Listing 6 should be placed in /etc/policy.contexts.

This policy enforces security by setting restrictions on
the flow of information. In this specific configuration, users
root and others should never be allowed to access
Nagios. Configuration files and processes that are a part
of Nagios will be completely self-contained or jailed. This
file may be read into our system by issuing the following
command:

# setfsmac -ef /etc/policy.contexts /

The previous command sets Biba policies on all the
proposed objects.


localhost# cd /etc/mail && make stop && \
    setpmac biba/equal make start && setpmac biba/10\(10-10\) apachectl start

Figure 18. Testing MAC on Nagios, Apache and Sendmail


Listing 6. Policy Configuration for MAC, Nagios & Apache

# This is the default BIBA policy for this system.

# System:
/var/run                        biba/equal   #Set privileges equal to other labels
/var/run/*                      biba/equal
/dev                            biba/equal
/dev/*                          biba/equal
/var                            biba/equal
/var/spool                      biba/equal
/var/spool/*                    biba/equal
/var/log                        biba/equal
/var/log/*                      biba/equal
/tmp                            biba/equal
/tmp/*                          biba/equal
/var/tmp                        biba/equal
/var/tmp/*                      biba/equal
/var/spool/mqueue               biba/equal
/var/spool/clientmqueue         biba/equal

# For Nagios:
/usr/local/etc/nagios
/usr/local/etc/nagios/*         biba/10
/var/spool/nagios               biba/10
/var/spool/nagios/*             biba/10

# For apache
/usr/local/etc/apache           biba/10
/usr/local/etc/apache/*         biba/10

Note: The above file system layout may be different
depending on your environment, so take care if you are
applying this to a jail or customized architecture; however, it must
be run on every single file system. The /etc/mac.conf file
requires the following modifications in the main section:

default_labels file ?biba
default_labels ifnet ?biba
default_labels process ?biba
default_labels socket ?biba
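
A contexts file like Listing 6 is easy to get subtly wrong, so the following added example (not part of the original article, and not a FreeBSD tool) lints one before it is handed to setfsmac. It assumes one "<path-pattern> <label>" pair per line with '#' starting a comment, and accepts only the Biba label forms used in this article; the function names and the sample file are made up for the illustration.

```sh
#!/bin/sh
# Added example (not from the article): lint a contexts file before it is
# applied with setfsmac. Assumed format: "<path-pattern> <label>" per line,
# '#' starts a comment. Accepted labels are the forms seen in the article:
# biba/low, biba/high, biba/equal, biba/<grade>, each optionally followed
# by a "(low-high)" range.

# Constructed sample modelled on Listing 6, with deliberate mistakes.
sample_contexts() {
cat <<'EOF'
# System:
/var/run                  biba/equal   #Set privileges equal to other labels
/var/run/*                biba/equal
# For Nagios:
/usr/local/etc/nagios
/usr/local/etc/nagios/*   biba/10
/usr/local/www/nagios     biba/10(10-10)
/var/spool/nagios         biba/10
/var/spool/nagios/*       biba/equal
var/log/*                 biba/equal
/usr/local/etc/apache     biba/hihg
EOF
}

# lint_contexts: read a contexts file on stdin and print one finding per
# line as "<line-number>: <problem>". Prints nothing for a clean file.
lint_contexts() {
    awk '
    {
        sub(/#.*/, "")                  # strip comments; awk re-splits $0
        if (NF == 0) next               # blank or comment-only line
        if ($1 !~ /^\//) { print NR ": path is not absolute: " $1; next }
        if (NF == 1)     { print NR ": missing label: " $1; next }
        if (NF > 2)      { print NR ": unexpected extra field: " $3; next }
        if ($2 !~ /^biba\/(low|high|equal|[0-9]+)(\((low|high|equal|[0-9]+)-(low|high|equal|[0-9]+)\))?$/) {
            print NR ": unrecognised label: " $2
            next
        }
        label[$1] = $2
        where[$1] = NR
    }
    END {
        # A "dir/*" entry labelled differently from "dir" deserves a second
        # look: biba/equal on the contents exempts them from the policy.
        for (p in label) {
            if (p !~ /\/\*$/) continue
            parent = substr(p, 1, length(p) - 2)
            if ((parent in label) && label[parent] != label[p])
                print where[p] ": label differs from " parent ": " label[p]
        }
    }'
}

# Demo run on the constructed sample.
sample_contexts | lint_contexts
```

Run it as `lint_contexts < /etc/policy.contexts` and apply the file only when it prints nothing or every finding has been reviewed.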


Enable Networking 

It’s important to enable networking so that MAC handles
incoming/outgoing data and defends the kernel from
external access. Implementing this feature requires you to
add the following line to /boot/loader.conf:

security.mac.biba.trust_all_interfaces=1

And the following to the network card configuration
stored in rc.conf. If the primary Internet configuration is
done via DHCP, this may need to be configured manually
after every system boot:

maclabel biba/equal


Testing the Configuration


• Ensure that the web server and Nagios will not be
started on system initialization, and reboot.

• Ensure the root user cannot access any of the files
in the Nagios configuration directory. If root can
issue an ls command on /var/spool/nagios, then
something is wrong. Otherwise a “permission denied”
error should be returned.

• If all seems well, Nagios, Apache, and Sendmail
can now be started in a way fitting of the security
policy. The commands shown in Figure 18 will make
this happen.

• Check the log files or error messages to make sure
everything is fine. Use the sysctl utility to disable the
mac_biba security policy module enforcement and
try starting everything again, like normal.


Conclusion 
The MAC Security Framework is a vital security enhance- 
ment in OS cryptology. It introduces run-time policy en- 


Using Nginx and Naxsi
for Security and High Availability


Nginx is a lightweight and powerful HTTP proxy, mail proxy, and 
reverse proxy server for UNIX-like systems that can also be used 
as an excellent High Availability (HA) and cluster system. Naxsi 

is an Nginx Web Application Firewall (WAF) created to mitigate 
web application vulnerabilities by using an intelligent resource to 


generate whitelist rules. 


What you will learn...
• Basic setup of the Nginx cluster/load balancer
• How the Naxsi web application firewall works


This article will cover basic Nginx HA configuration
and show how to improve web security by using
the Naxsi Web Application Firewall (WAF). Nginx,
written by Igor Sysoev, is a forward and reverse HTTP
proxy server that can also work as a mail proxy. You can
learn more about Nginx and its features at the Nginx wiki
page: http://wiki.nginx.org.

Before the applications are installed, it is necessary to
update the FreeBSD ports tree to use the latest Nginx
version. Update Ports:

# cd /usr/ports
# portsnap fetch update

Install Nginx and Naxsi:

# cd /usr/ports/www/nginx
# make install clean

Figure 1. Installing Nginx with Naxsi support


What you should know...
• Basic FreeBSD shell command line


Clustering 
Enabling the cluster/load balancer feature is as simple as 
including the upstream directive on the vhost information. 
Listing 1 shows a cluster configuration. 

The acme entity will be referenced by the proxy_pass 
parameter (Listing 2), and the hosts included in the up- 
stream directive will respond to the requests sequentially. 


Listing 1. Configuring the cluster

upstream acme {
    server 192.168.0.2;
    server 192.168.0.3;
    server 192.168.0.4;
}


Listing 2. The acme entity being used in the proxy_pass
parameter

server {
    listen acme:80;
    access_log /var/log/nginx/nginx.log;

    location / {
        proxy_pass http://acme;
    }
}

We can preserve the connection in the same backend using
the ip_hash parameter (Listing 3) which, for example,
is important for authenticated sessions.


Priority and failover 

The parameter weight is responsible for defining the 
backend priority. In Listing 4, the first three requests will 
be sent to the server 192.168.0.2, the fourth and fifth to 
192.168.0.3, and the sixth request to 192.168.0.4. 

The failover is enabled using the parameters max_fails
and fail_timeout. max_fails defines the total request
failures allowed within the fail_timeout time interval. After
that, requests are sent to the next backend. To take servers
offline from the cluster, use the parameter down (Listing 5).

So far we have configured a basic cluster/load-balancing
system using Nginx and now, we will include a security
layer to protect the web applications against common
web attacks.


Naxsi 

Naxsi is a Web Application Firewall (WAF) for Nginx creat- 
ed by Thibault Koechlin. A WAF is a tool that listens to the 
HTTP conversations and applies a set of rules that protect 
web applications against common attacks such as SQL 
injection, cross-site scripting, Directory Traversal and Re- 
mote File Inclusion. Other examples of WAFs are: 


• Modsecurity
• Ironbee


A great advantage of Naxsi is that it follows the positive se- 
curity model, learning how the applications work and cre- 
ating rules based on behavior (whitelist-based). It does not 
use attack signatures like antivirus software does. Naxsi 
was automatically installed during the compilation of Nginx. 

In Listing 6, we created the basic structure to enable
Naxsi. In Listing 7, the learning mode will analyze the
behavior of the application to create new rules. The
nx_util is another useful tool that parses the web site error
logs, updates a SQLite database, generates new whitelist
rules, and exports the data to the screen or an HTML file
(Listing 8-10 and Figure 2).


Listing 3. Using the parameter ip_hash to preserve the client request

upstream acme {
    ip_hash;
    server 192.168.0.2;
    server 192.168.0.3;
    server 192.168.0.4;
}


Listing 4. Using the parameter weight to define the server priority

upstream acme {
    ip_hash;
    server 192.168.0.2 weight=3;
    server 192.168.0.3 weight=2;
    server 192.168.0.4;
}


Listing 5. Defining the failover parameters and disabling an offline
server using the parameter down

upstream acme {
    ip_hash;
    server 192.168.0.2 max_fails=3 fail_timeout=30s;
    server 192.168.0.3;
    server 192.168.0.4 down;
}


Listing 6. Creating the basic structure. The CheckRule directive
specifies that any request having an attack score greater than or
equal to 8 will be denied

# mkdir /var/tmp/nginx/
# vi /usr/local/etc/nginx/naxsi.rules

LearningMode; #Enables learning mode
SecRulesEnabled;
#SecRulesDisabled;
DeniedUrl "/RequestDenied";

## check rules
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$EVADE >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;


Listing 7. Enabling the Naxsi WAF

include /usr/local/etc/nginx/naxsi_core.rules;

location / {
    include /usr/local/etc/nginx/naxsi.rules;
    proxy_pass http://acme/;
}
#Naxsi Learning Mode
location /RequestDenied {
    return 500;
}


Listing 8. Installing nx_util dependencies

# cd /usr/ports/lang/python
# make install clean
# cd /usr/ports/databases/sqlite3
# make install clean


tail /var/log/nginx-error.log | ./nx_util.py -c /usr/local/ 


Ste/nginx/nx Util-0.3/nx util.cont —L =1. -6-—H) a@eme.ntm! 


[Chart "Hit Repartition": SQL Injection 3.58%, XSS 33.53%, Intern 55.97%, Directory Traversal 0.53%, RFI, Evading 4.50%, Upload 0.00%]

Figure 2. HTML page generated using nx_util 


On The Web 


• Nginx official Web Site: http://nginx.org/
• Nginx Wiki page: http://wiki.nginx.org/
• Naxsi Web site: https://code.google.com/p/naxsi/


An example of nginx.conf can be downloaded here:
http://alexos.org/files/nginx.conf.


Conclusion 
Now we have a complete cluster/load balancing system, 
and we have secured our web applications using Nginx 
and Naxsi WAF. Remember to create file and database 
replication for a completely fault-tolerant system. 

As this is my first article in BSD Magazine, many thanks 
to all for reading it! 


ALEXANDRO SILVA AKA ALEXOS 
Alexandro Silva aka Alexos lives in Salvador, Bahia, Brasil. He
is an Information Security Consultant at iBliss Segurança &
Inteligência. He has been using FreeBSD since the 4.11 release and
can be reached online at http://alexos.org.


Listing 9. Configuring nx_util 


# cd /usr/local/etc/nginx/nx_util-0.3
# vi nx_util.conf
[nx_util]
data_dir=/usr/local/local/etc/nginx/nx_util-0.3/nx_datas
database vai n— 

naxsi_core_rules=/usr/local/etc/nginx/naxsi_core.rules

# cd /usr/ports/databases/sqlite3


Pies aliatsie cul il well=yua 


Listing 10. After executing a web vulnerability scan on the ACME 
web site, nx_util generates new whitelist rules 


a (call 7/ver/ log/moims-ervor. log) || ./nxiutil py —c /usir/ 
locally ete/ nginx ne Urll=U.3/nx er lcomr = 1-0 

Using stdin.

CommiurEInG co Gbps. 

########### Optimized Rules Suggestion ##################
i eOea coum. | ou a) Peer coum, | CINUl0 | paremehesis, 
probable sql/xss 


BasicRule wl:1011 "mz:$URL:/vulnerabilities/brute/|$ARGS_VAR:username";
# total count:1 (1.12%), peer count:1 (100.0%) | parenthesis, probable sql/xss
BasicRule wl:1011 "mz:$URL:/vulnerabilities/brute/|$ARGS_VAR:login";
# total count:1 (1.12%), peer count:1 (100.0%) | parenthesis, probable sql/xss
BasicRule wl:1010 "mz:$URL:/vulnerabilities/brute/|$ARGS_VAR:login";
i) eOvd! sCOUME TO (6.45), peer coune: (100; 29 |) obvicns probe 
BasicRule wl:1202 "mz:$URL:/vulnerabilities/brute/|$ARGS_VAR:login";
BasicRule wl:1205 "mz:$URL:/vulnerabilities/brute/|$ARGS_VAR:login";
# total count:1 (1.12%), peer count:1 (100.0%) | http:// scheme 
BasicRule wl:1100 "mz:$URL:/vulnerabilities/brute/|$ARGS_VAR:login";


# total count:1 (1.12%), peer count:1 (100.0%) | mysql comment (--)
BasicRule wl:1007 "mz:$URL:/vulnerabilities/brute/|$ARGS_VAR:login";


# total count:1 (1.12%), peer count:1 (100.0%) | mysql keyword (|)
BasicRule wl:1005 "mz:$URL:/vulnerabilities/brute/|$ARGS_VAR:login";


# total count:1 (1.12%), peer count:1 (100.0%) | uncommon hex encoding (%00 etc.)
BasicRule wl:10 "mz:$URL:/vulnerabilities/brute/|$ARGS_VAR:login";
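
Because the suggestions in Listing 10 were learned from vulnerability-scan traffic, each one should be reviewed before it is included in naxsi.rules. The following added example (not part of the article or of nx_util) parses suggestions in that format and reports parameters whose whitelist spans several attack classes or was learned from a single client. The sample lines are constructed, and the rule ID ranges are an assumption based on how naxsi_core.rules groups its rules.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of nx_util's rule suggestions; the /search
# entry and all counts are made up for this example.
SAMPLE = """\
# total_count:1 (1.12%), peer_count:1 (100.0%) | parenthesis, probable sql/xss
BasicRule wl:1011 "mz:$URL:/vulnerabilities/brute/|$ARGS_VAR:username";
# total_count:1 (1.12%), peer_count:1 (100.0%) | parenthesis, probable sql/xss
BasicRule wl:1010 "mz:$URL:/vulnerabilities/brute/|$ARGS_VAR:login";
# total_count:1 (1.12%), peer_count:1 (100.0%) | obvious probe
BasicRule wl:1202 "mz:$URL:/vulnerabilities/brute/|$ARGS_VAR:login";
# total_count:1 (1.12%), peer_count:1 (100.0%) | http:// scheme
BasicRule wl:1100 "mz:$URL:/vulnerabilities/brute/|$ARGS_VAR:login";
# total_count:40 (44.94%), peer_count:12 (60.0%) | double quote
BasicRule wl:1001 "mz:$URL:/search|$ARGS_VAR:q";
"""

# Assumption: rule ID ranges as grouped in naxsi_core.rules.
CATEGORIES = [
    (1, 999, "internal"), (1000, 1099, "sql"), (1100, 1199, "rfi"),
    (1200, 1299, "traversal"), (1300, 1399, "xss"),
    (1400, 1499, "evade"), (1500, 1599, "upload"),
]
RULE_RE = re.compile(r'^BasicRule\s+wl:([\d,]+)\s+"mz:([^"]*)"\s*;')
PEER_RE = re.compile(r'peer[ _]count:\s*(\d+)')


def category(rule_id):
    """Map a core rule ID to its attack class."""
    for low, high, name in CATEGORIES:
        if low <= rule_id <= high:
            return name
    return "custom"


def parse_whitelist(text):
    """Return one dict per whitelisted rule ID, with the comment that precedes it."""
    rules, note, peers = [], "", None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            found = PEER_RE.search(line)
            peers = int(found.group(1)) if found else None
            note = line.rsplit("|", 1)[-1].strip() if "|" in line else ""
            continue
        match = RULE_RE.match(line)
        if not match:
            continue
        url, zones = "*", []
        for part in match.group(2).split("|"):
            if part.startswith("$URL:"):
                url = part[len("$URL:"):]
            else:
                zones.append(part)
        for rule_id in match.group(1).split(","):
            rules.append({"id": int(rule_id), "url": url,
                          "zone": "|".join(zones), "peers": peers, "note": note})
        note, peers = "", None
    return rules


def audit(rules, max_classes=1, min_peers=2):
    """Return {(url, zone): [reasons]} for whitelist targets that need review."""
    targets = defaultdict(list)
    for rule in rules:
        targets[(rule["url"], rule["zone"])].append(rule)
    findings = {}
    for target, group in targets.items():
        reasons = []
        classes = sorted({category(r["id"]) for r in group} - {"internal"})
        if any(r["id"] == 0 for r in group):
            reasons.append("wl:0 switches off every rule")
        if len(classes) > max_classes:
            reasons.append("covers several attack classes: " + ", ".join(classes))
        peers = [r["peers"] for r in group if r["peers"] is not None]
        if peers and max(peers) < min_peers:
            reasons.append("only seen from %d client(s)" % max(peers))
        if reasons:
            findings[target] = reasons
    return findings


if __name__ == "__main__":
    for (url, zone), reasons in sorted(audit(parse_whitelist(SAMPLE)).items()):
        print("%s %s: %s" % (url, zone, "; ".join(reasons)))
```

Targets that are reported should be whitelisted only after confirming that legitimate users really send such values to that parameter.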
FreeBSD Programming Primer - Part 6


In the sixth part of our series on programming, we will design a
basic menu navigation system and style it with CSS.


What you will learn...
• How to configure a development environment and write HTML,
  CSS, PHP and SQL code


What you should know...
• BSD and general PC administration skills


So far in this series, we have focused on adding and
displaying standard HTML pages which have been
pulled from our database. We are now going to shift
directions and start to look at the user interface of the CMS
itself. Traditionally, menu links were hard coded into pages,
which not only made long-term maintenance time-consuming
but also error-prone. By leveraging the power of a
database back end, we can easily extract the title and section
of pages we want to display and if desired, include or
exclude that content from the menu. For flexibility, we will also
include the facility to add disparate links to other sites, etc.
Many sites now use multi-level menus which are driven
by a combination of SQL, JavaScript / jQuery and CSS.
Later on in the series, we will look at using jQuery to
add this functionality, but for now we will concentrate on
a block navigation menu that is displayed alongside the
main content.


The SQL

To demonstrate, let’s spin up a MySQL session and take
a look at our content. At the shell prompt, log in to MySQL
and run some queries (Listings 1-2).

By using the UNION keyword, we can combine the
output of both SELECT statements into one result. This
would be fine if we had a small site with not much content,
but as the site grows, the menu would become unmanageable
in size. We could build the interface with a drop-down
and filter by section, but we would just be postponing
the inevitable. An additional improvement would be to
use a combination of a content type filter and a pager with
the MySQL LIMIT keyword, restricting the display to a
certain number of items. This would help in the final design

Listing 1. Logging in to MySQL 
#dev mysql -u bsduser -pcmsdbpassword 


Listing 2. Selecting our content 

mysql> use freebsdcms;

mysql> (SELECT 'news' AS contenttype, id, title FROM
news) UNION (SELECT 'pages' AS
contenttype, id, title FROM pages);

+-------------+----+-----------------------+
| contenttype | id | title                 |
+-------------+----+-----------------------+
| news        |  1 | My first page         |
| news        |  2 | My second page        |
| news        |  3 | Article 6 - Using CSS |
| pages       |  1 | My first page         |
| pages       |  2 | My second page        |
+-------------+----+-----------------------+

5 rows in set (0.00 sec)
and theming of the site, as we will know exactly how much
browser real estate would be occupied by the menu itself
even if the content expanded rapidly.

The remaining issues are how to add disparate links
and whether we want to display the content in the menu
at all. For example, we might have an error page that is
only displayed when the content is not found. While it would
be useful to store this in the database, displaying it in the
menu would be rather pointless. The question is where to
store this data. We could have a separate menu table,
with the ID of each page and a numeric flag (0, 1) to
represent “do not display in the navigation menu” or “include in
the menu”. We would then have to maintain 2 tables when
content is added and removed. This could be easily
accomplished using MySQL triggers. Alternatively, we could
store the page status in the relevant content tables (e.g.
news, pages) with a flag (0, 1, 2) to represent “do not
publish”, “publish but do not show in menu”, and “publish and

Listing 3. Creating FAQ's table and adding status flag 


mysql> CREATE TABLE faqs LIKE news;
mysql> ALTER TABLE faqs ADD status INT DEFAULT 0 AFTER content;


Listing 4. Adding auto increment to the FAQ table 


mysql> ALTER TABLE faqs CHANGE id id INT(11) AUTO_INCREMENT;


Listing 5. Adding data to the FAQ table 


mysql> INSERT INTO faqs(id, title, heading, content,
status, timestamp) VALUES('',
'FAQ 1', 'First FAQ',
'Aenean volutpat, ligula vitae
laoreet dapibus', 2, '');


Listing 6. Amending the remaining tables 

mysql> ALTER TABLE pages ADD status INT DEFAULT 0 AFTER content; 
mysql> ALTER TABLE news ADD status INT DEFAULT 0 AFTER content; 
mysql> ALTER TABLE pages CHANGE id id INT(11) AUTO_INCREMENT;
mysql> ALTER TABLE news CHANGE id id INT(11) AUTO_INCREMENT;


Listing 7. Our 3 table content 


mysql> (SELECT 'news' AS contenttype, id, status, title
FROM news) UNION (SELECT
'pages' AS contenttype, id, status, title FROM pages)
UNION (SELECT 'faqs' AS
contenttype, id, status, title FROM faqs);

+-------------+----+--------+-----------------------+
| contenttype | id | status | title                 |
+-------------+----+--------+-----------------------+
| news        |  1 |      0 | My first page         |
| news        |  2 |      0 | My second page        |
| news        |  3 |      0 | Article 6 - Using CSS |
| pages       |  1 |      0 | My first page         |
| pages       |  2 |      0 | My second page        |
| faqs        |  1 |      2 | FAQ 1                 |
| faqs        |  2 |      0 | FAQ 2                 |
| faqs        |  3 |      1 | FAQ 3                 |
| faqs        |  4 |      2 | FAQ 4                 |
| faqs        |  5 |      2 | FAQ 5                 |
| faqs        |  6 |      2 | FAQ 6                 |
| faqs        |  7 |      2 | FAQ 7                 |
| faqs        |  8 |      2 | FAQ 8                 |
| faqs        |  9 |      2 | FAQ 9                 |
| faqs        | 10 |      2 | FAQ 10                |
+-------------+----+--------+-----------------------+

15 rows in set (0.00 sec)


Listing 8. Updating the news and pages status 


mysql> UPDATE news SET status = 1; 
mysql> UPDATE pages SET status = 2; 


mysql> (SELECT 'news' AS contenttype, id, status, title
FROM news) UNION (SELECT
'pages' AS contenttype, id, status, title FROM pages)
UNION (SELECT 'faqs' AS
contenttype, id, status, title FROM faqs);

+-------------+----+--------+-----------------------+
| contenttype | id | status | title                 |
+-------------+----+--------+-----------------------+
| news        |  1 |      1 | My first page         |
| news        |  2 |      1 | My second page        |
| news        |  3 |      1 | Article 6 - Using CSS |
| pages       |  1 |      2 | My first page         |
| pages       |  2 |      2 | My second page        |
| faqs        |  1 |      2 | FAQ 1                 |
| faqs        |  2 |      0 | FAQ 2                 |
| faqs        |  3 |      1 | FAQ 3                 |
| faqs        |  4 |      2 | FAQ 4                 |
| faqs        |  5 |      2 | FAQ 5                 |
| faqs        |  6 |      2 | FAQ 6                 |
| faqs        |  7 |      2 | FAQ 7                 |
| faqs        |  8 |      2 | FAQ 8                 |
| faqs        |  9 |      2 | FAQ 9                 |
| faqs        | 10 |      2 | FAQ 10                |
+-------------+----+--------+-----------------------+
15 rows in set (0.00 sec)
Figure 1. Bug in core.inc


show in menu”. Both designs have their good and bad
points from the implementation and data integrity
viewpoint, but for the sake of simplicity, I will use the latter for
our navigation menu.

In the meantime, we have an FAQ definition in our file
content.inc but we do not have any table data for it. We will
now manually create the table and add 10 random FAQ
entries (Listings 3-5). This will result in a new FAQ table with
our status field. However, the ID field is not set to auto
increment, so we need to change this (Listing 4). Now insert
the data (10 entries), replacing the title, heading and
status (0, 1 or 2) as appropriate. We need to repeat the
structural amendments for our news and pages tables as well
(Listing 6). Let's check what data we now have in the three
tables (Listing 7). As we can see, the news and pages will
not be published or displayed in the menu. Change this so
the news items are published but not in the menu, while the
pages are both (Listing 8). Let us check in a browser if FAQ
1, 2 and 3 are displayed. Visit http://yourserverip/faq/1 and
you should get an error message “No template”. To
rectify this, create a faqs_template.inc file in /usr/home/dev/
data/templates with the following content (Listing 9).

Bug alert! If you visit http://yourserverip/faq/1 you
will find the page is not rendering correctly (Figure 1).
You will receive an error message: Notice: undefined
index: heading in /usr/home/dev/data/templates/faqs_template.inc
on line 23. If you want to try and diagnose
the problem, have a look at core.inc and skip the next
code listing. The problem lies in the following code
snippet. To fix it, change as follows (Listings 10-11).

Figure 2. CSS requires fix for FAQ content type

If you visit http://yourserverip/faq/1, you will find the
page is still not rendering correctly (Figure 2). The reason
for this is that the global CSS doesn’t know about our
FAQ content type yet, so we need to modify global.css as
follows (Listing 12). You may have to refresh or clear your
browser cache to pick this up. This should result in the


Listing 9. FAQ template 


<?php
/*
 *
 * faqs_template.inc
 * Template for our faq content type
 * For content type foo the corresponding template would be:
 * foo_template.inc
 * To display a field:


» eeiletsie (S Carsile|| oes ae elle! eis clesthastel sid elo’ ||) 5 


 * To hide a field omit it from here
 * To change the rendering order, just re-order the fields
 * NOTE: Any content generated by javascript will not
 * be managed here
 * A closing ?> tag is mandatory
 *
 */
render($theme['heading']);
render($theme['content']);
?>


Listing 10. Bad code! 


if($pos > $offset) {
    $theme[$key] = div($result[$key], $key.'-'.$id, $key);
}


Listing 11. Good code 


if($pos >= $offset) {
    $theme[$key] = div($result[$key], $key.'-'.$id, $key);
}


Listing 12. CSS to include FAQ content type 


#news, #page, #faq { 


Listing 13. Prevent non-published content showing 
$sql = "SELECT * FROM $content_type WHERE id='$id' AND
status > 0 LIMIT 1";
Figure 3. FAQ working (screenshot showing the heading “First FAQ” and the content “Aenean volutpat, ligula vitae laoreet dapibus”)


correctly rendered content (Figure 3). However, if we
visit http://yourserverip/faq/2, we will see an FAQ page
even though the status is 0. Modify core.inc as follows to
fix this (Listing 13). This should now give a “No data”
message. If you are still experiencing problems, ensure that
the content.inc file is as follows (Listing 14).
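
Listing 13 places $id and $content_type directly into the SQL string. The following added example (not part of the series' code) applies the same status rules with a bound id and a table name taken from a fixed mapping, and builds the menu query with UNION. It uses Python with sqlite3 standing in for MySQL; the function names and sample rows are assumptions made for illustration.

```python
import sqlite3

# Content type -> table name: the only identifiers allowed into SQL text.
CONTENT_TABLES = {"page": "pages", "faq": "faqs", "news": "news"}

# Status flag as defined in the article:
# 0 = do not publish, 1 = publish but not in menu, 2 = publish and show in menu
IN_MENU = 2


def sample_db():
    """Constructed in-memory data that follows the article's status scheme."""
    db = sqlite3.connect(":memory:")
    for table in CONTENT_TABLES.values():
        db.execute("CREATE TABLE %s (id INTEGER PRIMARY KEY, title TEXT, "
                   "status INTEGER DEFAULT 0)" % table)
    db.executemany("INSERT INTO faqs (title, status) VALUES (?, ?)",
                   [("FAQ 1", 2), ("FAQ 2", 0), ("FAQ 3", 1)])
    db.executemany("INSERT INTO news (title, status) VALUES (?, ?)",
                   [("My first page", 1)])
    db.executemany("INSERT INTO pages (title, status) VALUES (?, ?)",
                   [("My first page", 2)])
    return db


def table_for(content_type):
    """Resolve a content type from the URL to a table, rejecting anything else."""
    if content_type not in CONTENT_TABLES:
        raise ValueError("unknown content type: %r" % (content_type,))
    return CONTENT_TABLES[content_type]


def fetch_item(db, content_type, item_id):
    """Return (id, title, status) for a published item, or None."""
    sql = ("SELECT id, title, status FROM %s "
           "WHERE id = ? AND status > 0 LIMIT 1" % table_for(content_type))
    # item_id is passed as a bound parameter, never pasted into the SQL text.
    return db.execute(sql, (item_id,)).fetchone()


def menu_items(db):
    """Return (contenttype, id, title) for every item flagged for the menu."""
    selects, params = [], []
    for content_type, table in sorted(CONTENT_TABLES.items()):
        selects.append("SELECT ? AS contenttype, id, title FROM %s "
                       "WHERE status = ?" % table)
        params += [content_type, IN_MENU]
    # One SELECT per content type, joined with UNION as in Listing 8.
    sql = " UNION ".join(selects) + " ORDER BY 1, 2"
    return db.execute(sql, params).fetchall()


if __name__ == "__main__":
    db = sample_db()
    print(fetch_item(db, "faq", 1))   # published and in the menu
    print(fetch_item(db, "faq", 2))   # status 0: no data
    print(menu_items(db))
```

In PHP the same pattern is a prepared statement with a bound id, plus a lookup of the content type in the table mapping from content.inc before the table name is used.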


Building our menu 

How can we remember the filter value selected for the
content type? As HTTP is stateless, we could pass the
parameter to each page. This would get complex very quickly with
multiple menus. A better solution would be to write a cookie
to the visitor's browser when the content type is filtered. To do
this we will use JavaScript, and specifically a suite of jQuery
libraries. Download jquery-1.10.2.min.js and jquery.cookie.js
from the jQuery website. Place these files in the JavaScript
folder, then modify our source code as follows (Listings 15-18).
When you visit http://youripaddress/faq/1, you should
see a page similar to Figure 4. Clicking on the FAQ, News or
Page button will raise a JavaScript dialogue box.


Useful links

• jQuery library: http://code.jquery.com/jquery-1.10.2.min.js

• jQuery cookie: https://github.com/carhartl/jquery-cookie/
  blob/master/jquery.cookie.js


In the next part 

We will tie the onclick event to writing a local cookie, and 
extracting the links for the MySQL table. We will also look 
at using the Jquery library to build a multi-part menu. 


ROB SOMERVILLE 

Rob Somerville has been passionate about technology since his 
early teens. A keen advocate of open systems since the mid-eight- 
ies, he has worked in many corporate sectors including finance, 
automotive, airlines, government and media in a variety of roles 
from technical support, system administrator, developer, systems 
integrator and IT manager. He has moved on from CP/M and nixie 
tubes but keeps a soldering iron handy just in case. 


Listing 14. content.inc 


<7 pin 
/*® 
* 
7 COME Stie me Inaic 
* Defines content types for our CMS 


* 


Pe) 


// Define the content type. This must match any tables 


defined in our 


7/7 CMs 

~COMUcCDIETEypes| |) =" page. ; 
S(colcsiie evgesi ||| = ameter! 
~COMUCDIENLyYpco i) =) fewe | 


// Map each content type to a table. Each content type 
must be matched 


// to a corresponding table 


couieeioe icalledkes | josie | Sockeye - 
vooimiceiane ieslodbes || Viiclep | = ieereps 
PCONPeMiCgwaetes anes | |= Wevic.., 


Listing 15. header.inc include Jquery support 


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head> 

<meta http-equiv="Content-type” content="text/html; 
Charseu— seo ooo 477 

<link rel="stylesheet" type="text/css"
href="/stylesheets/reset.css" />

<link rel="stylesheet" type="text/css"
href="/stylesheets/global.css" />

<script src="/javascript/jquery-1.10.2.min.js"
type="text/javascript"></script>

<script src="/javascript/jquery.cookie.js"
type="text/javascript"></script>

<script src="/javascript/preload.js" type="text/javascript">
</script>
Listing 16. core.inc


Ewiueicaliemal Clerc iiLAs es lleclele(Slemisceic), || 


// veplace all spaces between tags 


ales 


} 


(OPTIMEZE) 
$b = preg_replace('~>\s+<~', '><', $buffer);
$b = preg_replace('/\r\n|\r|\n/', '', $b);
$b = preg_replace('!\s+!', ' ', $b);
return $b;

else { 


(7) SBUGEIEX = siGhicca on 16 


Petucn: oSblierec. 


Listing 17. index.php — add include menu. inc 


/), Menieer Une baLonms 


require ounce UNCHUDES. Menu. ime 7 


Listing 18. menu.inc 


<< Belay 


function menu(Stype) { 


require INCLUDES 


if ($typ 


Voontent mc” = 


== ‘navigation’) { 


// Build select statement for each content type 


Sleak equlagial 


// Omit the UNION keyword on the last item 


Soffset = 1; 

peaweg@clos — COlMul COnueneswallos |: 
ssqis= 

Srejeie eae ane © 


EOQise Oh (SCwoimecime icele leis Eis SiceiiesiMe cys) || 


// Burid Ehe *Opr1on, tor Eie Cconrent type 


$option .= '<button onclick="window.alert(\''.$contenttype.'\')">'.$contenttype.'</button> &nbsp;';

$offset++;


$menu = '';

omenuee—=— <divoclace — mann” Stype ie 
Smenu .= ‘<h2>’ Stype ine 

See A= os idle iar je! = 

$menu .= $option;

$menu .= '</div>';


return $menu;


Listing 19. Menu CSS add to global.css 


.menu-navigation { 
border: 1px solid #DADADA;
joreterelliogis slUheper 
aolelave a ONO Kae 


background-color: #E5E6AD; 


i 
Ome vO. 


600; 


Coles 


font-weight: 
Figure 4. FAQ with Javascript onclick buttons
CRYPTOGRAPHY


Elliptic Curve Cryptography and Basic Applications in BSD OS


Over the past century, new IT discoveries and top technologies
have been incorporated into our daily lives. As a result, one must
decide whether computer security is essential or superfluous.

In these times, when the Internet allows users to communicate
easily around the world, many people use it to trade in goods or to
protect against intruders. That’s why cryptological techniques and
algorithms are an essential need.


What you will learn...

• Basic terms of Public Key Cryptography.

• Elliptic curves and their application to cryptographic methods.

• Foundations of Elliptic Curve Cryptography.

• Basic application of ECC public key techniques.

• Development of ECC cipher and digital signature systems for
  NetBSD OS.


What you should know...

• Basic knowledge of public key cryptographic methods.

• Basic knowledge of Abstract Mathematics, Modular Arithmetic,
  Algebraic Structures, and Group/Field Theories.

• User-level background of NetBSD OS (a Unix-like OS).


Symmetric Key Cryptography (SKC) techniques perform
better than the traditional Public Key Cryptography
(PKC) algorithms such as RSA. For this
reason, introducing a new PKC approach based on elliptic
curves could become important in the near future because
these methods provide better performance over the former
ones, although they are not as good as SKC techniques.

Although all these aspects are known by the IT users
community, the most modern cryptographic techniques, such
as those based on public-key algorithms like RSA, DSA or
IDEA, show great promise to harden existing systems. In
this context, public-key algorithms based on Elliptic Curves
Theory (ECT) will be the main focus of this article.

Hence, the main purpose of this paper is not only to
present the associated terms and definitions of the Elliptic
Curves Cryptography (ECC) methods, but also to
demonstrate that these techniques are a subset of the
general public-key cryptographic methods. Due to this fact,
it's simple to deploy and use in Unix-like systems and, in
particular, within NetBSD.

Just allow me a digression, as I would like to apologize
to the reader for the approach followed, which is
sometimes excessively abstract. A background knowledge of
the science behind the ECC methods will help you easily
understand the topics introduced here.


Cryptography 

Cryptography is the scientific discipline of ensuring the
secret transmission of information so that it can be read only
by the message sender and receiver. There is a need, as
old as human history, to protect personal information and
privacy. The first reference to this topic can be dated back
to 1900 BC in Egypt. Currently, cryptography must meet
four basic requirements:


• Privacy: Nobody else apart from the sender and receiver
  of a message can access the content of the message.

• Non-repudiation: This mechanism ensures the identity
  of the sender.

• Authentication: Each of the participants involved in a
  communication process must prove their identity.

• Integrity of information: Ensures that the content has
  not been modified during transmission.


Cryptographic methods must not only protect the data
from third parties but must also guarantee the integrity
of data transmitted, ensure the identities of both sender
and receiver and allow both of them to communicate.
There are three types of cryptographic schemes that
fulfill these four requirements. According to the well-known
terms used in the literature, we shall refer to non-ciphered
data as cleartext, and call encrypted data ciphertext.
For third parties, it is common to use terms such as
eavesdropper or man-in-the-middle.


Cryptographical Algorithms and Types 

As explained in the previous paragraphs, the three types
of cryptographic methods exist for two main purposes: to
exchange information between two entities so that nobody
else can read it and to verify that the information
or data has not been modified during delivery. Within the
first category, we have Symmetric Key Cryptography/Public
Key Cryptography techniques and for the second one,
we count on hash-functions. Let us briefly describe these
three cryptological techniques.


Symmetric-Key Cryptography

For Symmetric-Key Cryptography (SKC), both sender and
receiver share the same key to cipher and decipher
(Figure 1).


plaintext → ciphertext → plaintext
Figure 1. Symmetric Key Cryptography (SKC)


That means SKC involves two people using the same
(private) key for both encrypting and decrypting information.
Because SKC uses a single key, algorithms based
on this approach are faster than PKC and are easier to
implement. However, the main weakness of SKC relies
on the fact that before starting secure communication,
both parties need to have a copy of the shared key. Under
some circumstances, that can be impossible.


Public-Key Cryptography 

Public-Key Cryptography (PKC) uses a pair of different
keys. These keys are designated as public
and private, depending on their usage (Figure 2).


plaintext → ciphertext → plaintext


Figure 2. Public Key Cryptography (PKC)


In contrast to the SKC approach, using Public Key
Cryptography (PKC) algorithms does not require that the public
key remain secure, and it does not matter at all if anybody
other than the two parties in the secure communication
process knows it. In fact, it is possible to go further by using
both PKC and SKC for secure communications. In this way,
two people create a secure channel by using PKC and then
they can share a key so they can use SKC for further
communication. This mixed approach takes advantage of the
best of both worlds: performance and security.


Hash Functions 
Hash functions (Digests), also known as one-way
functions, map a value to a message. In this schema, the
concept of key makes no sense as the purpose of these
functions is not to recover the message but to ensure that the
contents of the message have not been altered.

These functions must exhibit a basic property: any
modifications in the message produce high variations in the
final numeric result (Figure 3).


plaintext → hash function → ciphertext


Figure 3. Hash Functions (Digest functions)


Categories of Cryptographic Algorithms 

The reason that three different categories of cryptographic
algorithms have been developed is motivated by their
final applications. Hence, while hash functions have been
created to ensure referential integrity of data, SKC was
conceived for message ciphering and PKC plays an
important role in user authentication by means of the users’
keys exchange.

Ultimately, SKC shows a higher performance than PKC
algorithms as the latter takes three times longer to
execute in comparison with SKC. As we explained in the
introduction, this will be the motivation to look for better
performance PKC algorithms.

As explained in the previous section, SKC algorithms
like DES and its variant 3DES use a unique key to
encrypt and decrypt a message. Although this approach is
easier to implement, there’s a handicap since before
starting secure communications between two partners, both
of them must have a copy of this key. Moreover, this key
must be kept secret between the two participants so that
a third party can't access the contents of the message.

Although the use of SKC algorithms implies better
performance, the price to pay is the inherent risk when two
parties must share the same key and are usually not in touch.

PKC algorithms are based upon the existence of a pair
of complementary keys, named public and private key:
the use of one of them is undone by using the other one.
The difference between the public and the private key is
merely a matter of usage, as both keys are implemented
as nothing more than integers from a mathematical point
of view. Computers represent these integer numbers as
strings.

In contrast to SKC algorithms, PKC algorithms allow
us to bypass the requirement of SKC that two actors
must share the same key. The tradeoff in this case is the
performance we would get by using SKC. Hence it is a
matter of compromise to make the right decision about
which to use.

Also known as one-way cryptography, Hash functions
are based on the existence of the inverse mapping for a
map that associates a message/file with an integer number
or message digest. These hash mappings have two
essential properties for security applications:


• A small modification in the message produces a
  noticeable change in the final digest.

• The calculation of the inverse of this function or mapping
  is very difficult, making it almost impossible to recover
  the original message starting from the digest of it.


These algorithms are widely used to check the integrity
of the transmitted data. Some known examples are the
Message Digest (MD) algorithms such as MD2; MD4,
used to encrypt passwords in MS Windows; and MD5,
developed to eliminate MD4 weaknesses.

An example of the use for each schema explained
above is given in Figure 4.


[Figure 4 diagram labels: (Person A) Private Key; (Person A) Message; Session Key; (Person B) Public Key; Digital signature; Digital Envelope; Encrypted message; Encrypted session key; Message sent to person B]


Figure 4. Application for SKC, PKC schemas and hash (digest) functions

Up until now, the mathematical tools used to develop
new cryptographic techniques were based on Modular
Arithmetic, and it is precisely this discipline that is the most
important starting point for introducing a new approach for PKC
methods, provided by Algebraic Geometry and materialized
in some special functions termed Elliptic Curves. PKC
based on elliptic curves is known as Elliptic Curve
Cryptography (ECC).


Elliptic Curve Cryptography (ECC)

In 1985, Elliptic Curve Cryptography (ECC) was
proposed by Victor Miller of IBM and Neal Koblitz of
Washington University as an alternative to the public key
algorithms based on modular arithmetic and the factoring of
big primes as a way of obtaining more robust and less
computationally demanding algorithms. Elliptic curve
cryptography is based on the discrete logarithm problem
of the curve. However, before going deeply into
these concepts, we need to let go of our mathematical
prejudices and start thinking abstractly.


Groups Theory and Modular Arithmetic

Keep in mind before reading the following sections that
we will not deal with numbers but with abstract entities. A
group is nothing more than an algebraic structure defined
on a set G whose elements are points.

Since the elements of a set are points, it is possible to
invent operations that associate a pair of points of the
above mentioned set with a third one of the same set.
This is known in Mathematics as an internal operation,
which is nothing more than one which associates with every
pair of points of G another point of the same set, endowed
with the following properties:


• Associativity
• Unit element
• Inverse element


Furthermore, if the commutative property holds,
we say that (G, +) has the structure of an abelian
group. Let’s think about one of these sets because we
will use it hereinafter. Let’s see the usefulness of another
concept that is studied in Elementary Mathematics, usually
without any explanation of how to profit from it: the
relations of equivalence, which allow us to establish classes
of equivalence in the above mentioned set. Let’s take the
whole numbers; let’s choose a non-negative whole number,
m, and establish a relation of equivalence:


x R y if and only if (x - y) mod m = 0


That means two integer numbers are related if, when we
divide their difference by m, the remainder is equal to 0. In
this way, we could have the following equivalence classes:


[0] = {0, m, 2m, 3m, 4m, ...}
[1] = {1, m+1, 2m+1, 3m+1, ...}
[m-1] = {m-1, 2m-1, 3m-1, ...}


That is to say, we have moved from a set Z with infinite
elements to another one consisting of the classes
of equivalence that result from introducing the previous relation,
which besides turns out to be finite. The above mentioned set
is named Z_m and its elements are [0], [1], ..., [m-1]. Let’s define
now a “sum” operation that acts on two of these classes of
equivalence, associating the third one of the following form:


(i + j - k) mod m = 0


Figure 5. Elliptic curves with coefficients a, b real
At first glance, these concepts seem to be somewhat
obscure and complex, but this operation on the set Z_m is
the basis of most public-key algorithms, such as
Diffie-Hellman, DSA and RSA, and is going to be the starting
point for the public-key algorithms based on the Theory
of Elliptic Curves, the algorithms which lead to ECC.

Elliptic curves were originally introduced by the German
mathematician Bernhard Riemann in the 19th century and
they combine Number Theory with Algebraic Geometry.
From this point of view, an elliptic curve is nothing
more than the set of points obeying a 3rd degree
polynomial equation:


y^2 = x^3 + ax + b


The shape of these curves depends on the choice for
the parameters a and b, as can be seen in Figure 5.

These curves have an interesting property: small
variations in the parameters a and b produce big variations in
the points of the above mentioned curve. Let’s define an
operation on one of these curves.

Given two points P and Q on the curve, we might ask which
natural number n satisfies Q = nP; this is the ECDL problem. The
foundation of ECC algorithms lies in the fact
that a person can know the points P and Q, but determining
the number n is intrinsically difficult from a
computational point of view.

Replacing the roles from a traditional point of view for
IT security, we have two entities acting as our PKC keys:


• Point Q: ECC public key
• Integer n: ECC private key


In summary, we have defined all the elements required to make
up a public-key algorithm based on EC theory, which is very
different from those based on pure modular arithmetic that try
to exploit big prime numbers, such as RSA or DSA. These ECC
algorithms provide the same level of security while using
smaller key sizes than their predecessors, as shown in Table 1.


Table 1. Key sizes comparison between RSA and ECC algorithms


Key bits RSA | Decrypt Time (MIPS Years) | Key bits ECC | Key bits rate between RSA / ECC
512          | 10^4                      | 106          | 5:1
768          | 10^8                      | 132          | 6:1
1024         | 10^11                     | 160          | 7:1
2048         | 10^20                     | 210          | 10:1
21000        | 10^78                     | 600          | 35:1

As ECC key sizes are significantly smaller than those for RSA,
the performance of ECC methods is higher, resulting in better
response time as well as less memory and network bandwidth
consumption. Nevertheless, ECC is much more efficient than RSA
for signing and decryption, but slower in return for signature
verification and encryption; even so, for applications in which
priority is given to scarce memory, bandwidth or computing
power, ECC would be the reasonable algorithm, for example in the
case of embedded systems.


Elliptic Curves. A Brief Introduction 

We are going to give a quick introduction on one of the 
most exciting topics of pure mathematics: the algebraic 
theory of elliptical curves, which are nothing more than al- 
gebraic expressions. Let a and b be integer numbers and 
consider the equation: 


y^2 = x^3 + ax + b


Let's suppose for a moment that, instead of using real numbers
for the parameters a and b (as was shown in Figure 5), we assume
that these parameters belong to a set
Z_p = {[0], [1], [2], ..., [p-1]}, as defined in the previous
section, with p being a prime number (that is, divisible only by
itself and one), on which we define an operation (mod p) of the
following form:


x (mod p) = remainder of the integer division of x by p


Let Z_p be the set of elements x (mod p). Now we can focus our
attention on the family of elliptic curves:


y^2 = x^3 + ax + b


where a, b belong to the set Z_p already defined and these two
parameters meet the following relationship:

4a^3 + 27b^2 != 0 (mod p)

Also, we need another special point placed at infinity, which we
name O. It is feasible to define an internal operation “+” which
maps two points P, Q on this curve to a third one R also
belonging to it and, what is more, it is amazing that this new
operation we have just created verifies these three well-known
properties:


• Unit Element: P+O=O+P=P
• Inverse Element: For every point P there exists a point Q
such that P+Q=Q+P=O
• Associativity: Given three points P, Q and R, the
equation (P+Q)+R=P+(Q+R) holds


A set of points provided with an addition operation that
satisfies these three properties is said to possess the
algebraic structure of a group; if, in addition, it verifies the
commutative property, that is, P+Q=Q+P holds for any pair of
points P, Q, the group is said to be commutative or abelian.
With this we have set out all the formal elements for the
definition and development of cryptographic algorithms that
employ elliptic curves, or ECC.


From Points to Numbers 
Let’s define a “sum-like” operation on points of an elliptic
curve with coefficients defined on Z_m, in the following form.
Let P and Q be two points characterized by their coordinates in
Z_m x Z_m: P = (x1, y1), Q = (x2, y2). The above mentioned
operation associates with the point R=P+Q the coordinates
(x3, y3), calculated in the form indicated below:


x3 = λ^2 - x1 - x2
y3 = λ(x1 - x3) - y1,


where λ is equal to:
λ=(y2-y1)/(x2-x1) if P ≠ Q
and also:

λ=(3x1^2+a)/(2y1) if P=Q


that is, the coordinates for 2P. Now the moment comes to go from
the abstract thing, the points, to the concrete thing, the
coordinates, in accordance with the previous definition of sum
which, evidently, has nothing to do with the addition operation
that the reader intuitively knows. Consider the elliptic curve:


y^2 = x^3 + x + 1


defined over Z_23={0,1,2,...,22}. The points placed on this
curve will also have coordinates in Z_23, and they are part of a
finite set containing 27 points, indicated in Table 2; the
number of these points is finite due to our choice. This fact is
very important, as computers are not able to work with infinite
sets. Let P and Q be two points of our curve:


P=(3,10)
Q=(9,7)

Table 2. Points over y^2=x^3+x+1 defined on the finite group Z_23


(0,1)   (0,22)  (1,7)   (1,16)
(3,10)  (3,13)  (4,0)   (5,4)
(5,19)  (6,4)   (6,19)  (7,11)
(7,12)  (9,7)   (9,16)  (11,3)
(11,20) (12,4)  (12,19) (13,7)
(13,16) (17,3)  (17,20) (18,3)
(18,20) (19,5)  (19,18)


Applying the previous formula, we see that P+Q=(x_3,y_3)
is determined by doing the mathematical operations
described here:


λ=11, which belongs to Z_23
x_3 = -6 = 17 (mod 23)
y_3 = 20 (mod 23)


then P+Q gives, as a result, the coordinate point (17,20) 
placed on such a curve. Once the main characteristics 
for finite groups underlying elliptic curves have been an- 
alysed, it is possible to start with the concepts used for 
PKC based on such abstract entities. For ECC systems, 
there are three different approaches: 


• Schema ECC Diffie-Hellman, based on Diffie-Hellman (1976)
algorithm.
• Schema ECDSA, based on DSA or Digital Signature Algorithm.
• Schema ECMQV, based on MQV approach.


Most importantly, the reason why it is possible to use these
abstract entities in public-key cryptography is that the
security level of the ECDSA algorithms rests on the intrinsic
difficulty of solving the discrete logarithm problem for
elliptic curves (ECDLP) by means of brute-force attacks. This
problem consists of determining, given a curve E over Z_p and
two of its points P and Q, the integer k between 0 and n-1 such
that Q=kP, whenever this number exists.

In order to avoid the proliferation of advanced topics 
and the subsequent overload for readers, we are going to 
focus now on ECDSA schemas and their application for 
cryptographic techniques in BSD OS, with a special em- 
phasis on cipher and digital signature applications. 


ECDSA Algorithm: A brief Introduction 

ECDSA proposes a slightly analogous algorithm to DSA in which,
rather than working with the set Z_p={0,1,2,...,p-1}, the
points over an elliptic curve with parameters a,b ∈ Z_p will be
used instead.

Depending on the final use, ECDSA algorithm can be divided into
two classes; one for cipher and the other one for signature
generation. We discuss each of these classes separately.


Public/Private Keys Generation for ECDSA 
The process of key pairs generation for ECDSA is based 
on the procedure detailed below: 


• Choose an elliptic curve defined over a set of integers
mod p, Z_p. The number of points for the curve shall
be divisible by a positive prime integer n.
• Select a point P over the elliptic curve whose order is
n; that means, a point such that nP=O.
• Select an integer d within the interval {1, 2, ..., n-1}.
• Calculate the point Q=dP.

As a result, we get a pair of keys in which:


• Public Key is the set of values (E, P, n, Q)
• Private Key is the integer d, which belongs to the set
{1, 2, ..., n-1}


Let us study now the three schemas for cryptography we 
introduced before and their application to the basic prob- 
lems in cryptography. These schemas can be extend- 
ed to ECC algorithms and, in particular, to ECDSA algo- 
rithms; such as cipher of messages, and digital signature 
generation and verification. 


Digital Signature Generation and Verification 
(ECDSA) 

The proposal for ECDSA to get the digital signature for a
message is summarised in the 6-step procedure below:


• Choose an integer number k belonging to the set
{1, 2, ..., n-1}.
• Calculate kP=(x_1,y_1), and then set r = x_1 mod n.
• If r=0, go to step 1, because if r=0, the equation
s=k^{-1}[h(m)+dr] mod n will not contain the private key d
and a valid d is required.
• Calculate k^{-1} mod n.
• Calculate s=k^{-1}[h(m)+dr] mod n, where h is the
resulting value provided by SHA-1 algorithm.
• If s=0, go to step 1, to ensure the existence of an
inverse s^{-1}.


Eventually, a digital signature, according to ECDSA, is 
nothing more than the pair of positive integers (r,s). 

To verify a signature provided by ECDSA, the process
consists of four sequential steps:

• Get a copy of the signer's public key (E, P, n, Q) and
verify that the signature (r,s) is included in the set of
integers {1, ..., n-1}.
• Calculate w=s^{-1} mod n and h(m).
• Calculate u_1=h(m)w mod n and u_2=rw mod n.
• Calculate u_1P + u_2Q=(x_0,y_0) and v=x_0 mod n.


In this way, a digital signature will be valid whenever v=r 
holds. Thus, we have a simple description of the pos- 
sibilities of ECC to act as a replacement for traditional 
PKC algorithms. 
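
The point addition worked out in "From Points to Numbers" and the ECDSA key generation, signing and verification steps above, carried through in Python as an added example (not code from the article or from SPG). It reuses the article's curve y^2 = x^3 + x + 1 over Z_23; the base point 4*(3,10) of order n = 7, the function names and the extra validation of the public point Q are assumptions of this example, and a group this small offers no security.

```python
import hashlib
import secrets

# The article's curve y^2 = x^3 + x + 1 over Z_23 (a = b = 1, p = 23).
P_MOD, A, B = 23, 1, 1
O = None  # point at infinity, the unit element

def on_curve(pt):
    return pt is O or (pt[1] ** 2 - pt[0] ** 3 - A * pt[0] - B) % P_MOD == 0

def affine_points():
    """Every (x, y) in Z_p x Z_p that satisfies the curve equation (Table 2)."""
    return [(x, y) for x in range(P_MOD) for y in range(P_MOD) if on_curve((x, y))]

def add(p1, p2):
    """Group law: chord slope when P != Q, tangent slope when P == Q."""
    if p1 is O or p2 is O:
        return p2 if p1 is O else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return O  # P + (-P) = O, which includes 2P when y = 0
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P_MOD, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def mul(k, pt):
    """Double-and-add computation of kP (teaching code, not constant time)."""
    acc = O
    while k > 0:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

# Assumption of this example: counting O, the curve has 28 = 4 * 7 points,
# so 4 * (3,10) is a base point of prime order n = 7.
N = 7
G = mul(4, (3, 10))

def h(msg):
    """h(m) as in the article's formula: the SHA-1 digest as an integer mod n."""
    return int.from_bytes(hashlib.sha1(msg).digest(), "big") % N

def sign_digest(d, e, k=None):
    """The six signing steps; a fixed k in 1..n-1 is only for test vectors."""
    while True:
        kk = k if k is not None else secrets.randbelow(N - 1) + 1
        r = mul(kk, G)[0] % N
        s = pow(kk, -1, N) * (e + d * r) % N
        if r != 0 and s != 0:
            return r, s
        if k is not None:
            raise ValueError("this k gives r = 0 or s = 0")

def verify_digest(q, e, sig):
    """The four verification steps, preceded by a check of the public point Q."""
    r, s = sig
    if q is O or not on_curve(q) or mul(N, q) is not O:
        return False  # Q must be a curve point of order n
    if not (1 <= r < N and 1 <= s < N):
        return False
    w = pow(s, -1, N)
    pt = add(mul(e * w % N, G), mul(r * w % N, q))
    return pt is not O and pt[0] % N == r

def sign(d, msg):
    return sign_digest(d, h(msg))

def verify(q, msg, sig):
    return verify_digest(q, h(msg), sig)
```

With n = 7 a different digest can still verify by chance: for d = 3 and k = 2, the signature (6, 3) made for digest 2 is also accepted for digest 4, which is why the curves used in practice have an n of 160 bits or more.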


Practical Applications, Small Privacy Guard (SPG) 
Released in April 2009, version 0.3.1 of Small Privacy Guard is
an application based on ECC cryptography that can be used not
only for the encryption and decryption of messages but also for
digital signatures. SPG is an alternative to Pretty Good Privacy
(PGP) by P. Zimmermann, developed from 1991, and to the Open
Source versions like OpenPGP and GnuPG.

This application is freely available for download at the URL
http://spg.sourceforge.net in the form of source code under
the terms of the Lesser General Public License version
2.0 (LGPLv2). Unlike PGP, the keys are not linked to email
addresses or user’s names.

The power of this application, as any product that ad- 
mits ECC cryptography, is based on the number and com- 
plexity of the implemented elliptic curves. In the case de- 
scribed in this article, SPG has 11 such curves: 


• secp112r1
• secp112r2
• secp128r1
• secp128r2
• secp160r1
• secp160r2
• secp192r1
• secp224r1
• secp256r1
• secp384r1
• secp521r1


whose key sizes vary from 112 to 521 bytes. 

The reader acquainted with GPG will not have a prob- 
lem in adapting SPG as an alternative tool in cryptograph- 
ic applications in Unix-like systems such as NetBSD. To 
start with the installation process, the following require- 
ments must be satisfied: 


• OpenSSL development libraries.
• gcrypt development libraries.

For NetBSD distributions, the installation process is automated
thanks to the pkgsrc system, thus there is no need to install
utilities such as OpenSSL and gcrypt. Otherwise, these libraries
should be installed before downloading the source code for SPG
application. If you want


Listing 1. Standard test cases provided by SPG application 


$ make tests


INFO: File encrypted 

Message encrypted ok 

tteetHeee SeCPO21r1 decrypting data ###HHTTFEETFEETEE 
INFO: File decrypted successfully 

Message decrypted ok 

INFO: File decrypted successfully 

Message decrypted ok 

ALL TESTS PASSED 


Listing 2. Test cases execution for SPG application 
eiele So, = EINE Oy =e ethers © 

GCC dee Noi O2 6 ecenc 

CRO 10) aie (0) te ele Morena ene 

Geer = Nae O2 Seeman mee 

Teer. -Wallll--02 ce ita se 

gee =g Wali 025 ec sy merpnen: ac 


gcc -g -Wall -O2 -c help.c

CMe IG) BING) Caves 0 SCORO Se Seine oO) melee) Uw lks <6) 
sil Capolaise.© Inelio-g Skee yiou —oumcoce ~ Teel Nee yore 
“done” 


echo 


cp spg tests/ && cd tests && ./tests.sh 


Listing 3. SPG application usage and options 


Use: sog commands [options] [file =]... | 
Commands are: 

6 ==G60 key GStieeere Deiveie Jey 

-X --xport eXport public key from private key 
-S --Sign Generate message signature 

-v --verify Verify message signature 

Se SSSI IOV Oe, IMC C1 

-d --decrypt Decrypt 

ai lst eUeves Ih Sr samp lene mired  euianes 
-h --help Print help and exit 

Options are: 

-c --curve Use this curve 

Sib = —chiajeibleiisyehe swe 

=-O, - OULU Olcpue tule 


-V --verbose Be loud 


Sc =m ng Princ time Spent Computing ece algorithms

to perform an installation from the source, uncompress the
downloaded file and start the build process by issuing the
commands:


$ tar zxvf spg.tar.gz && cd spg
$ make all

It is recommended to execute the tests in order to check if 
the application works properly (see Listing 1). To test SPG, 
execute the command and verify that all proposed tests are 
successfully passed. Once this step is finished, it is time to 
get started with the first steps using ECC cryptography by 
means of SPG to examine its use and features for key gen- 
eration, crypt and decrypt, as well as digital signature man- 
agement, which were introduced for ECDSA algorithm (List- 
ing 2). The SPG application uses a command-line interface 
(CLI) that allows the commands and options shown in List- 
ing 3. Eventually, we are going to analyse SPG within the 
three basic processes for Digital Cryptography. 


ECC Key Generation for SPG 

All processes based on ECC shall use one of the 11 elliptic
curves currently implemented in SPG 0.3.1. To generate a
pair of keys using, for instance, the curve secp521r1 which
provides the strongest security level, the command is:


$ spg -g -c secp521r1 -o ecc.key

This command stores the private key in an ASCII file
ecc.key (see Listing 4). Once our private key has been
generated, its complementary public key shall be obtained
by means of the command:


$ spg -x -k ecc.key -o ecc_pub.key


which stores it in the file ecc_pub.key, whose contents
are reproduced below. Notice that the elliptic curve does
not need to be specified again once the private key has
been generated (Listing 5).

In this way, we have already the necessary elements to 
develop the most common applications for cryptography. 
The only thing left to do is to assign each pair of keys to 
a specific user. 


Crypt/Decrypt with SPG 

Using the public key we created in the previous section to
encrypt a single file, let’s say myfile.c, we can cipher the
file into one with the extension .enc as shown below:


$ spg -e -k ecc_pub.key myfile.c
INFO: File encrypted


Before decrypting the file, rename it in order to delete 
the .enc extension: 


$ file myfile.c*
myfile.c: ASCII English text
myfile.c.enc: data


The decryption process is quite similar, just swap the 
public and private ECC keys: 


$ spg -d -k ecc.key -o myfile.c myfile.c.enc
INFO: File decrypted successfully 


The procedures concerning SPG installation and basic operations
can be applied in a very straightforward way to a wide variety
of Unix systems, not only to our target BSD OS.


Listing 4. ECC Private Key based on elliptical curve secp521r1 


QOYTehsOrMVKFNPcgiXFHJT+H61Oupm54ICJhAxkUja5vzeJPZBpgkdHeWS ke5o0E 
Xi10KswHyU81g14Ap7RO8BOESQgHUtwr0Q04dfviltuFzSjTxjl5cVeFhfq4xhrVxxn 
86LsTSGw8o0eTeAab3sc0iSxdjTD3hqHWdRfVwnjN2+tOk6Ez40F/rpqFeU5iTgMV 
rNCB8 I JmcOxBOJU9nwW1lWuyD3rBVrP80x6tSITHEKaiVR+0ogyJL30Q78LfIW8h14d 
OLQaJtOD5Q1zZWNwWNTIxcjE= 


QOYTehsOrMVKEFNPcgiXFHJT+H61Oupm54ICJhAxkUj a5vzeJPZBpgkdHeWS ke5o0E 
X10KswHyU81g14Ap7RO8BOESQgHUtwr0Q4dfviltuFzSjTxjl5cVeFhfq4xhrVxxn 
86LsISGw8oeTeAab3scO01iSxdjTD3hqHWdRfVwnjN2+tOk6Ez4wlzZWNwNTIxcjE=

Digital Signature and Verification (ECC) with SPG
To conclude with the ECC applications provided by SPG ap- 
plication, we describe the use of digital signatures for files and 
the subsequent verification. Let us take as an example the file 
message.txt, whose contents may be found in Listing 6. 

By using our private key, the process to get a digital sig- 
nature associated to this file, is given by the command: 


$ spg -s -k ecc.key -o signature message.txt


The resulting ECC-based digital signature is shown in 
Listing 7. 

Listing 6. Contents of message.txt file


$ cat message.txt
Recuerde el alma dormida,
avive el seso y recuerde
contemplando:
Como se pasa la vida,
cómo se viene la muerte
tan callando.


Listing 7. Digital signature for message.txt


$ cat signature
TdcemNX yWFQ4RRZ4VeuAc7siaJDUT/ fJT10+aZkLOmpx133Ze
OdpgUmdMn+5 I FH+1MCVx9Wcj rHT8 fmKdu4LB44jn/UxmYa2if4vfSwugq7W59tv3d
texOuBez6mj 7AXiu58QKLCYBOZ9FOrfrkVZ4tESoQONujxOYkXKeBesyb2m9Ydir


Obviously, to check that the file has not been altered,
you have to use the public key provided by SPG by typing
the command:


$ spg -v -k ecc_pub.key -i signature message.txt
INFO: Signature is valid


Hence we finish the study of application examples for SPG
to illustrate the application of ECDSA algorithms in
Unix-like systems.


Another useful application: OpenSSH
and ECC Usage

Although there is no reason to fear possible weaknesses
with RSA/DSA methods, ECC may provide an additional method
to generate public/private keys. Likewise, with ECC and
ECDSA support there is a different system available, which
avoids the existence of a single point of failure in case a
security breach occurs.


Listing 8. Generating a key


# ssh-keygen -t ecdsa
Generating public/private ecdsa key pair.
Enter file in which to save the key (/root/.ssh/id_ecdsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_ecdsa.
Your public key has been saved in /root/.ssh/id_ecdsa.pub.
The key fingerprint is:
724d: OU ct Sie sas 4d: dashes: iereor irs ib:ect ir LooEecdneopcl


Listing 9. The key’s randomart image


te =) CO IDICY Sir 29) ol a
Ose


As NetBSD 6.0 incorporates OpenSSH 5.9 together with ECDSA
support and OpenSSL 1.0.1c by default, the generation of a
pair of user’s keys follows the same procedure used for
RSA/DSA keys, with no need for additional recompilation of
OpenSSH utilities (Listing 8).

The key’s randomart image is shown in Listing 9.

As you can see, the use of ECC methods for 
SSH authentication is really straightforward and 
there is no additional effort to generate alterna- 
tive authentication based on elliptic curve crypto- 
graphical methods. 


ECC and Current Standards 

It is required to digress a bit and introduce some 
concepts on the standardization of these algo- 
rithms, in order to promote the interoperability 
and facilitate the use of technologies currently in 
use. Standards for ECC are currently being pre- 
pared by some international organizations: 

ECC algorithms are being standardised by the American
National Standards Institute (ANSI), more precisely by the
ASC X9 (Financial Services) working group, and there are two
documents: ANSI X9.62, The Elliptic Curve Digital Signature
Algorithm (ECDSA) and ANSI X9.63, Elliptic Curve Key
Agreement and Transport Protocols. Additionally, elliptic
curves have also been introduced into the specifications for
PKC algorithms.

On the other hand, the Internet Engineering Task Force
(IETF) describes a modified protocol to accept/reject keys
which is a variant of Diffie-Hellman algorithm using ECC.

The International Standards Organisation (ISO) is working
on Appendix 3 included in ISO/IEC 14888: Digital signature
with appendix, which is mainly devoted to the
certificate-based mechanisms. These mechanisms also
support ECC.

The Asynchronous Transfer Mode (ATM) Forum Technical
Committee’s Phase I ATM Security Specification draft
document tries to introduce new mechanisms to reinforce
ATM network security, by providing the necessary support
for a wide variety of public-key algorithms such as RSA,
DSA, and indeed ECDSA.

To sum up, it is clear that the family of ECC algorithms 
are serious candidates to replace the traditional PKC al- 
gorithms used in the industrial, financial, and science sec- 
tors in cases where a better performance at the same se- 
curity level is required. 


Conclusion 

As indicated in the introduction, the technologies of digital 
cryptography, in general and especially those related to 
Public Key methods, are based on a family of mathemati- 
cal problems represented by abstract elements and enti- 
ties that only can be clearly understood by using higher 
mathematics. 

Concretely, the main advantage of the ECC algorithms arises
from their low resource requirements when performing
encryption, decryption, signature and signature verification
operations, as well as from their total platform independence
and, most importantly, the public availability of the
algorithms, which are in the phase of adoption by the most
important international agencies of standardization.

The ECC algorithms provide, as explained in this article, the
highest degree of protection with the smallest key size among
all the public-key algorithms used at present. With a modulus
of 160 bits, an ECC algorithm such as ECDSA offers the same
level of security as DSA/RSA with a 1024-bit modulus. Working
with small keys saves bandwidth, involves smaller digital
certificates, and leads to quicker algorithm implementations
with lower resource consumption and hardware requirements.

For those readers interested in a more in-depth study 
of elliptic curves, I recommend the latest book by Avner
Ash and Robert Gross, “Elliptic Tales: Curves, Counting
and Number Theory”, which describes the latest devel-